Tech

WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers

The letters WTF in a giant speech bubble.

Enlarge (credit: Getty Images)

Security vendor WatchGuard quietly fixed a critical vulnerability in a line of its firewall devices and didn’t explicitly disclose the flaw until Wednesday, following revelations hackers from Russia’s military apparatus exploited it en masse to assemble a massive botnet.

Law enforcement agencies in the US and UK on February 23 warned that members of Sandworm—among the Russian government’s most aggressive and elite hacker groups—were infecting WatchGuard firewalls with malware that made the firewalls part of a vast botnet. On the same day, WatchGuard released a software tool and instructions for identifying and locking down infected devices. Among the instructions was ensuring appliances were running the latest version of the company’s Fireware OS.

Putting customers at unnecessary risk

In court documents unsealed on Wednesday, an FBI agent wrote that the WatchGuard firewalls hacked by Sandworm were “vulnerable to an exploit that allows unauthorized remote access to the management panels of those devices.” It wasn’t until after the court document was public that WatchGuard published this FAQ, which for the first time made reference to CVE-2022-23176, a vulnerability with a severity rating of 8.8 out of a possible 10.

Read 9 remaining paragraphs | Comments