Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026070604072222 | Publication Time | 2026-07-06 16:27:23 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026-07-06 16:27:23 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】WatchGuard Firebox Contains a Critical Cybersecurity Vulnerability (CVE-2026-13368) |
|||
| [Content]
Forwarded from TWCERTCC Cybersecurity Alert TWCERTCC-200-202607-00000002 WatchGuard Firebox is a next-generation firewall product that provides multi-layered protection, including antivirus, IPS, APT blocking, and spam filtering. Recently, WatchGuard issued an announcement regarding a critical cybersecurity vulnerability (CVE-2026-13368, CVSS 4.x: 9.2). This vulnerability originates from a race condition in the LDAP authentication mechanism of Mobile User VPN with IKEv2, resulting in a Use-After-Free vulnerability. If Firebox has been configured with Mobile User VPN with IKEv2 and uses an external LDAP authentication server, an unauthenticated remote attacker may exploit this vulnerability to execute arbitrary code in the context of the iked process. Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed) |
|||
| [Affected Platform]
Fireware OS 2025.1 version |
|||
|
[Recommended Actions] Please update to the following versions: Fireware OS 2026.2.1 version, Fireware OS 12.12.1 version |
|||
|
[Reference] |
|||