Security update: Unauthorized access to WatchGuard Firebox possible

Attackers can gain access to WatchGuard Firebox firewalls. Patched Fireware OS versions are available for download.

Under certain conditions, unauthorized access to various WatchGuard Firebox models is possible. Admins should install the available security update promptly. So far, there are no reports of attackers exploiting the flaw.

In a security advisory, the developers state that the vulnerability (CVE-2026-1498, severity “high”) affects firewalls running Fireware OS 12.x, 12.5.x (models T15 and T35), and 2025.1. According to the description of the flaw, remote attackers can initiate LDAP authentication without being authenticated themselves and access information that should not be visible. An attacker who has a valid passphrase of a legitimate user can access instances as that user. The developers state that versions 12.5.16, 12.11.7, and 2026.1 are patched.

At the end of last year, malware attacks on WatchGuard firewalls made headlines.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.