The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies, and urged all American organizations, to install fixes for a vulnerability in WatchGuard Firebox and XTM firewalls.
The flaw in question is CVE-2022-23176, a highly dangerous privilege escalation vulnerability exploited by the Sandworm APT group, which information security experts link to Russian special services. CISA has added it to its catalog of vulnerabilities actively exploited by hackers. Sandworm used it to build the widely publicized Cyclops Blink botnet out of WatchGuard network devices for small and home offices; the botnet was recently disabled by American law enforcement agencies.
Federal Civilian Executive Branch (FCEB) agencies must secure their systems by May 2, 2022. In addition, CISA strongly recommended that all organizations in the United States install patches for CVE-2022-23176.
Cyclops Blink affected 1% of installations of WatchGuard firewalls, as well as routers manufactured by ASUS.
Earlier, US and UK government agencies issued a joint security notice stating that organizations should treat every device infected with the malware as compromised. Administrators should immediately disable online access to the management interface.