
11.8.3 Update 1 now available to fix Heartbleed vulnerability in Fireware XTM OS

New Release: Fireware XTM 11.8.3 Update 1
Yesterday we posted an update about the Heartbleed vulnerability (CVE-2014-0160) in OpenSSL. We are pleased to announce that 11.8.3 Update 1 is now available at the software download site with a critical patch to address this issue in WatchGuard appliances.  We recommend you update immediately if you use Fireware XTM v11.8.x. This flaw does not affect appliances running Fireware XTM v11.7.4 or earlier.

WatchGuard is not aware of any breaches involving this vulnerability, but because of its critical nature and the length of time it has been available to exploit, we recommend that you take measures to change passwords and renew certificates used in your XTM device after you upgrade. We have published a knowledge base article with details on how to do this. 

The WatchGuard IPS service now includes four signatures in the version 4.404 set that protect against exploits of the Heartbleed vulnerability.

Does This Release Pertain to Me?
This release applies to all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances, but only those running 11.8.x versions of the firmware. Please read the Release Notes before you upgrade, to understand what’s involved.

What about other WatchGuard products?
WatchGuard SSL VPN, Dimension and the WSM Management software are not affected. Yesterday we reported that there is an impact on the SecureMail functionality in XCS. On further analysis, we’ve determined that this is even less than thought. The vulnerable OpenSSL library is used within XCS only for communications between the XCS appliance and our SecureMail encryption provider, Voltage. XCS acts as a client for those connections, not a listening server. Therefore, the flaw could only be exploited by Voltage themselves, and no one else; as such, we believe there is no actual risk. Nevertheless, we are building a hotfix that we hope to release by the end of the week.

How Do I Get the Fireware XTM Release?
XTM appliances owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Software section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article”, and “Known Issue” search options, and press the Go button.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

The Heartbleed OpenSSL Vulnerability; Patch OpenSSL ASAP

On Monday, the OpenSSL team released a critical update for their popular SSL/TLS package, which fixes a serious cryptographic weakness in their product. If you use OpenSSL, you should read up on this issue and update OpenSSL immediately. WatchGuard products, like many others that use OpenSSL, are affected by this issue. We are currently working on updates to fix the flaw.

OpenSSL is a very popular implementation of the SSL/TLS cryptography protocols, used to encrypt many network communications, including secure web communications. This week, a Google security researcher disclosed a serious vulnerability (CVE-2014-0160) that affects OpenSSL 1.0.1 – 1.0.1f (and 1.0.2-beta), which is colloquially being called “The Heartbleed Bug.” The issue does not affect OpenSSL 0.9.8 and below.

The flaw has to do with the TLS heartbeat extension. Without going into all the technical details, a remote attacker could exploit this flaw to repeatedly reveal 64K of memory contents from an SSL/TLS connected client or server. 64K of memory might seem small, but an attacker could repeatedly exploit this flaw to gather enough contents from memory to compromise SSL key material, certificates, usernames, passwords, and potentially gain access to your entire decrypted communications. For complete details on the flaw, including a FAQ answering the most common questions, I recommend you check out the Heartbleed web page.
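The patched behaviour comes down to one bounds check: the length a heartbeat request claims for its payload must fit inside the record that was actually received. The sketch below is an added example, not OpenSSL's or WatchGuard's code; it follows the RFC 6520 message layout, and the function names, return codes and buffer sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 heartbeat message layout:
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding
 * The padding must be at least 16 bytes. */
#define HB_REQUEST      1
#define HB_RESPONSE     2
#define HB_HEADER_LEN   3
#define HB_MIN_PADDING  16

/* Hypothetical drop codes for this example. */
enum { HB_DROP_SHORT = -1, HB_DROP_LENGTH = -2, HB_DROP_TYPE = -3, HB_DROP_NOSPACE = -4 };

/* Build a heartbeat response from a received record.
 * Returns the response length (> 0), or a negative drop code.
 * The two length checks are the point: a record is silently discarded when
 * it is too short to be a heartbeat at all, or when its payload_length field
 * claims more bytes than the record really carries. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    size_t claimed, need;

    if (rec_len < (size_t)(HB_HEADER_LEN + HB_MIN_PADDING))
        return HB_DROP_SHORT;
    if (rec[0] != HB_REQUEST)
        return HB_DROP_TYPE;            /* this sketch only answers requests */

    claimed = ((size_t)rec[1] << 8) | rec[2];
    need = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (need > rec_len)
        return HB_DROP_LENGTH;          /* claimed payload exceeds the record */
    if (need > out_cap)
        return HB_DROP_NOSPACE;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    /* Safe: 'claimed' bytes are known to lie inside rec[0..rec_len). */
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    /* A real implementation fills the padding with random bytes. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return (long)need;
}

/* Constructed test input: a request whose length field says 'claimed' while
 * the record really holds 'actual' payload bytes and 'pad' padding bytes. */
long hb_demo(uint16_t claimed, size_t actual, size_t pad)
{
    static uint8_t rec[512], out[512];
    size_t rec_len = HB_HEADER_LEN + actual + pad;

    if (rec_len > sizeof(rec))
        return HB_DROP_NOSPACE;
    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)(claimed >> 8);
    rec[2] = (uint8_t)(claimed & 0xff);
    memset(rec + HB_HEADER_LEN, 'A', actual);
    memset(rec + HB_HEADER_LEN + actual, 0, pad);
    return hb_build_response(rec, rec_len, out, sizeof(out));
}

int main(void)
{
    printf("consistent length field : %ld\n", hb_demo(4, 4, 16));
    printf("overstated length field : %ld\n", hb_demo(0x4000, 4, 16));
    printf("overstated by one byte  : %ld\n", hb_demo(5, 4, 16));
    printf("record too short        : %ld\n", hb_demo(0, 0, 0));
    return 0;
}
```

Without the `need > rec_len` check, the copy would read past the received record into adjacent process memory, which is where the leaked key material and credentials described above come from.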

This is a very serious vulnerability to a package that many products rely on to secure web communications. If you use the 1.0.1 branch of OpenSSL yourself, you need to update to 1.0.1g. Furthermore, this flaw will likely affect many other products you might use. Be sure to look out for alerts from your vendors on this issue.

Finally, WatchGuard XTM and XCS appliances are affected by this vulnerability (to varying degrees). Our engineering team is currently working on a fix for the issue. We should be releasing an XTM 11.8.3 CSP update shortly, which will fix the issue for XTM appliances. By the way, the flaw only affects 11.8.x versions of XTM. If you are using XTM 11.7.x or below, it uses an older version of OpenSSL which is not affected by this issue. Also, the XCS appliances are only affected if you use SecureMail. Finally, WatchGuard’s SSL VPN appliances are NOT affected by the issue since they use older versions of OpenSSL.

Please keep an eye on this blog for more details as we will post the update as soon as it’s available and tested. — Corey Nachreiner, CISSP (@SecAdept)

 

WatchGuard Releases SSL VPN 3.2 Update 1

A critical update has been released for WatchGuard SSL VPN appliances.

The SSL VPN 3.2 Update 1 release includes an updated Java certificate that will prevent certificate expiration warnings each time you use a Java-based access client. The SSL certificate used by the software to sign Java applications expires on 8 April 2014. This release also resolves a compatibility issue with Java version 7u51 and later. It includes many bug fixes which were previously only provided in Cumulative Service Packs (CSPs). The Release Notes list all resolved issues in the software.

Does This Release Pertain to Me?

This release applies to all WatchGuard SSL VPN 100 and 560 appliances. WatchGuard recommends that all SSL VPN customers deploy this upgrade to avoid unnecessary Java warnings.

How Do I Get the Release?

SSL appliance owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Software section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button. Please read the Release Notes before you upgrade, to understand what’s involved.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Fireware XTM 11.8.3 Update Corrects XSS Flaw

Overall Severity: Medium

Summary:

  • This vulnerability affects: WatchGuard Fireware XTM 11.8.1 and earlier
  • How an attacker exploits it: Either by enticing an XTM administrator into clicking a specially crafted link or by directly interacting with the appliance’s web management UI (requires authentication)
  • Impact: An attacker can execute script in the context of the XTM management web UI, which could allow him to attempt to phish your credentials or gain access to your cookies or session information
  • What to do: Install Fireware XTM 11.8.3 (and limit access to the XTM web management interface)

Exposure:

Recently, we released WSM and Fireware XTM 11.8.3, which delivers many customer requested fixes and enhancements to XTM administrators. It also corrects a web application vulnerability reported to us by William Costa (a security researcher and consultant) via US-CERT’s coordinated disclosure process.

Fireware XTM includes a Web UI, which you can use to manage your XTM appliance through a web browser. One of the parameters in the firewall policy management pages (pol_name) suffers from a reflective cross-site scripting (XSS) vulnerability (CVE-2014-0338), due to its lack of input validation. If an attacker can trick your XTM administrator into clicking a specially crafted link, he could exploit this vulnerability to execute script in that user’s browser under the context of the XTM Web UI. Among other things, this could mean the attacker might do anything in the Web UI that your user could do.

However, it takes significant interaction for this attack to succeed. It is a reflected XSS attack, which means the attacker must trick an XTM administrator into clicking a link before the attack can take place (unless the attacker has direct access to the Web UI, and valid credentials of his own). Furthermore, the link does not bypass the Web UI authentication. This means that unless the victim is already logged into the Web UI, she would also have to enter her XTM credentials before this malicious link would work. Despite these mitigating factors, we still recommend you install 11.8.3 to fix this XSS flaw quickly.

We’d like to thank William Costa for discovering and responsibly disclosing this flaw, and thank the US-CERT team for coordinating the disclosure and response. You can find more information about this vulnerability in US-CERT’s vulnerability note

Solution Path:

WatchGuard Fireware XTM 11.8.3 corrects this security issue. We recommend you download and install 11.8.3 to fix this vulnerability. You can find more details about 11.8.3 in our release notes.

If, for some reason, you are unable to update your XTM appliances immediately, a few simple workarounds can significantly mitigate these vulnerabilities.

  • Restrict access to your appliance’s web management UI using the WatchGuard Web UI policy.  By default, our physical appliances do not allow external access to the web management UI; meaning Internet-based attackers can’t directly exploit this XSS flaw. If you like, you can fine-tune our policy even more, further limiting access. For instance, you can restrict access to very specific IP addresses or subnets,  use our user authentication capabilities to restrict access to certain users, or use our mobile VPN options to restrict access to VPN users. The more you limit access to the web interface, the less likely an attacker could directly exploit this flaw. Furthermore, this XSS attack does not bypass authentication. So even if an external attacker had access to your Web UI they’d need valid credentials to directly exploit this issue (making it a moot issue since they’d already have access to the web management interface).
  • Train administrators against clicking unsolicited links. In order to exploit this flaw, an attacker would have to trick one of your administrators into clicking a maliciously crafted link, and then entering his valid XTM management credentials. We recommend you train your XTM administrators about the dangers of clicking unsolicited links, especially ones that connect you to security appliances, and ask for additional authentication.

FAQ:

Are any of WatchGuard’s other products affected?

No. These flaws only affect Fireware 11.8.1 and below running on our XTM appliances.

What exactly is the vulnerability?

A reflective cross-site scripting (XSS) vulnerability (CVE-2014-0338) that could allow an attacker to run malicious script, and possibly gain unauthorized access to your Web UI, assuming he can trick an administrator into clicking a malicious link.

Do these give attackers access to my XTM security appliance?

Potentially. The XSS vulnerability allows attackers to execute script in the context of your XTM appliance’s web UI. Attackers could leverage this to do many things, including stealing your session cookie, or designing a pop-up window designed to phish your credentials. It is possible the attacker might gain enough information to hijack your web session, or login to the web UI.

How serious is the vulnerability?

The XSS flaw poses a medium to low risk. Though attackers can use reflective XSS flaws to gain access to sensitive information, they require significant user interaction; in this case, both clicking a link and entering your credentials. These mitigating factors lessen the severity of this flaw. However, we still recommend you apply this update to fix it.

How was this vulnerability discovered?

These flaws were discovered by an external security researcher, William Costa, who reported them responsibly through US-CERT’s coordinated disclosure process. We thank them both for working with us to keep our customers secure.

Do you have any indication that this vulnerability is being exploited in the wild?

No, at this time we have no indication that these vulnerabilities are being exploited in the wild.

Who can I contact at WatchGuard if I have more questions?

If you have further questions about this issue, or any other security concerns with WatchGuard products, please contact:

Corey Nachreiner, CISSP.
Director of Security Strategy and Research
WatchGuard Technologies, Inc.
http://www.watchguard.com
corey.nachreiner@watchguard.com

New Release: Fireware XTM 11.8.3 and WSM 11.8.3

WatchGuard is pleased to announce that Fireware XTM OS 11.8.3 and WSM 11.8.3 are now available. The Release Notes list all resolved issues and new enhancements in the software.

Highlights include:

  • An updated Gateway Wireless Controller dashboard in the WebUI now gives you connection information for your AP devices and the clients connected to your AP devices, including manufacturer details.
  • Support for the new Firebox T10
  • A fix for a cross-site scripting vulnerability (CERT VU#807134) in the Web UI
  • Support for  Netgear 341U 3G/4G modem.

Full details including screenshots are provided in the What’s New in 11.8.3 presentation.

Does This Release Pertain to Me?

This release applies to all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances. If you or your customers need one of the bugfixes or new enhancements we recommend upgrading to the 11.8.3 release. Please read the Release Notes before you upgrade, to understand what’s involved.

How Do I Get the Release?

XTM appliances owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Software section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article”, “Support Alerts”, and “Known Issue” search options, and press the Go button.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller»

New Update for WatchGuard Dimension™

WatchGuard Dimension™ has been a tremendous success since it was first launched in late 2013. Customers have used the visibility tool to get key insights into security threats and critical trends in their networks. WatchGuard now expects to post the first update for Dimension later today on January 28th. Version 1.1 includes several bug fixes and enhancements to increase scalability, availability, and intuitive reporting. Full details will be outlined in the Release Notes, but key highlights include:

  • Microsoft Hyper-V support – See the Installation section of Release Notes for more information
  • Dynamic IP address to Host Name resolution for reports — for more intuitive data presentation.
  • New IP Address Map features lets you identify your devices by a static hostname instead of an IP address — enabling identification even if the Dimension instance cannot share DNS information with the security devices.
  • The ability to back up and restore your Dimension database to/from an external location — for improved recovery and administration.
  • Support for an external Postgres server, v9.2, 9.1.9, or 9.1.11 – enabling high-availability and highly scalable multi-node Dimension installations.
  • IPS reports link to Security Portal information on signatures — offering deeper information about detected threats.
  • Support for sending alerts and scheduled reports through SMTP gateways that require STARTTLS — for encrypted transit for sensitive reporting data
  • A new “Status Report” section has been added to the Dimension Administration>Database page so you can more easily see database usage information
  • The ability to specify a file location as a target for publishing scheduled reports
  • Reports for groups or multiple devices now show the report data for all appliances

Does This Release Pertain to Me?

This release applies to all Dimension users. If you or your customers need one of the bugfixes or new enhancements we recommend upgrading to the new software. Please read the Release Notes before you upgrade, to understand what’s involved, and pay special attention to the upgrade section. This first update requires a two-step process, making the updater process more flexible for future releases.

How Do I Get the Release?

XTM appliances owners who have a current LiveSecurity Service subscription can obtain the XTM OS update or Dimension without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button. If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller»

WatchGuard Fireware XTM 11.8.1 and WSM 11.8.1

WatchGuard is pleased to announce Fireware XTM OS 11.8.1 and WSM 11.8.1. This update includes many bugfixes and some new enhancements. 

Highlights of new enhancements include:

  • Customizable authentication page
  • FireCluster for XTMv appliances
  • Secondary network support on an existing trusted or optional VLAN
  • Ability to static NAT from optional to trusted networks
  • Some enhancements to better support ISP setup. For example the ability to send and enforce static IP addresses during PPPoE negotiation
  • WatchGuard Management Servers high availability with a Windows Server cluster.
  • Support for Sierra Wireless 320U 3G/4G USB modems
  • The ability to update WatchGuard AP firmware from the Gateway Wireless Controller UI out of cycle of XTM firmware updates.

You can find more details about 11.8.1 in our Release Notes, as well as additional information, including screenshots, in our What’s New in 11.8.1 presentation [PPT].

Does This Release Pertain to Me?

This release applies to all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances. If you or your customers need one of the bugfixes or new enhancements we recommend upgrading to the 11.8.1 release.

Please read the Release Notes before you upgrade, to understand what’s involved.

How Do I Get the Release?

XTM appliances owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Software section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller»

WatchGuard posts maintenance releases for e-Series and XTM 21/22/23 appliances.

WatchGuard has posted Fireware XTM OS 11.3.7 for e-Series and 11.6.7 for XTM 21/22/23 appliances. Along with providing significant bug fixes, these releases enable Commtouch as the anti spam solution provider. Both releases also include a fix for the buffer overflow vulnerability reported last week at WatchGuard Security Center. The Release Notes provide a complete list of all issues resolved in each software release.

Note: There is no corresponding update to WSM.

Does This Release Pertain to Me?

Customers with an XTM 21/21-W, 22/22-W, or 23/23-W appliance should upgrade to version 11.6.7. Customers with e-Series appliances should upgrade to 11.3.7.

Please read the 11.6.7 Release Notes and the 11.3.7 Release Notes before you upgrade, to understand what’s involved.

Note: These updates do not apply to customers with XTM 25 or higher appliances.

How Do I Get the Release?

XTM appliances owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller»

WatchGuard’s XTM 11.8 Software Fixes Buffer Overflow & XSS Vulnerabilities

Overall Severity: High

Summary:

  • These vulnerabilities affect: WatchGuard WSM and Fireware XTM 11.7.4 and earlier
  • How an attacker exploits them: Either by enticing an XTM administrator into clicking a specially crafted link or by visiting the appliance’s web management UI with a malicious cookie
  • Impact: In the worst case, an attacker can execute code on the XTM appliance (see mitigating factors below)
  • What to do: Install WSM and Fireware XTM 11.8 (and limit access to the XTM web management interface)

Exposure:

Last week, we released WSM and Fireware XTM 11.8, which delivers a number of powerful new features to XTM administrators. However, it also fixes two externally reported security vulnerabilities. Though both vulnerabilities have mitigating factors that somewhat limit their severity, you should still patch them quickly.

If you haven’t already installed 11.8 for its great new features, we recommend you install it for these security fixes. We summarize the two vulnerabilities below:

WGagent is one of the processes running on an XTM appliance. Among other things, WGagent is responsible for parsing the web cookies sent to the appliance’s web management interface. It suffers from a buffer overflow vulnerability involving its inability to handle specially crafted cookies containing an overly-long “sessionid.” By creating a maliciously crafted cookie, and then connecting to your XTM appliance’s web management interface (tcp port 8080),  an unauthenticated attacker can exploit this vulnerability to execute code on the appliance. Though the WGagent process runs with low privileges (nobody) and from a chroot  jail, it does have enough privilege to access your appliance’s configuration file and change passwords. So we consider this a significant vulnerability.
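The defensive pattern for this class of bug is to measure the cookie value before copying it into a fixed-size buffer, and to reject anything that does not fit. The following is an added example, not WatchGuard's code: the 64-byte buffer, the alphanumeric-only rule, and all function and constant names are assumptions, since the page does not describe WGagent's actual parser.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SESSIONID_MAX 64   /* assumed buffer size, including the NUL byte */

/* Hypothetical result codes for this example. */
enum { SID_OK = 0, SID_MISSING = -1, SID_TOO_LONG = -2, SID_BAD_CHAR = -3 };

static int is_alnum_ascii(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/* Extract the "sessionid" value from a Cookie header value of the form
 * "name=value; name=value". The value length is checked against out_cap
 * BEFORE any byte is copied; an unbounded strcpy()/sprintf() at this point
 * is the kind of copy that overflows on an overly long value. */
int extract_sessionid(const char *cookie, char *out, size_t out_cap)
{
    static const char name[] = "sessionid=";
    const size_t name_len = sizeof(name) - 1;
    const char *p = cookie;

    if (out_cap == 0)
        return SID_TOO_LONG;
    out[0] = '\0';

    while (*p) {
        const char *end;
        size_t pair_len, val_len, i;

        while (*p == ' ' || *p == ';')      /* skip pair separators */
            p++;
        end = strchr(p, ';');
        pair_len = end ? (size_t)(end - p) : strlen(p);

        /* Match only at the start of a pair, so "xsessionid=" is ignored. */
        if (pair_len >= name_len && strncmp(p, name, name_len) == 0) {
            const char *val = p + name_len;

            val_len = pair_len - name_len;
            if (val_len == 0)
                return SID_MISSING;
            if (val_len >= out_cap)
                return SID_TOO_LONG;        /* reject, never truncate */
            for (i = 0; i < val_len; i++)
                if (!is_alnum_ascii((unsigned char)val[i]))
                    return SID_BAD_CHAR;
            memcpy(out, val, val_len);
            out[val_len] = '\0';
            return SID_OK;
        }
        p += pair_len;
    }
    return SID_MISSING;
}

/* Helper: returns the extracted id, or NULL if the cookie was rejected. */
const char *sid_demo(const char *cookie)
{
    static char sid[SESSIONID_MAX];
    return extract_sessionid(cookie, sid, sizeof(sid)) == SID_OK ? sid : NULL;
}

/* Helper: result code for a constructed cookie whose sessionid is n bytes. */
int sid_result_for_length(size_t n)
{
    char cookie[512] = "lang=en; sessionid=";
    char sid[SESSIONID_MAX];
    size_t base = strlen(cookie);

    if (base + n >= sizeof(cookie))
        return SID_TOO_LONG;
    memset(cookie + base, 'A', n);
    cookie[base + n] = '\0';
    return extract_sessionid(cookie, sid, sizeof(sid));
}

int main(void)
{
    const char *id = sid_demo("lang=en; sessionid=abc123; theme=dark");

    printf("normal cookie   : %s\n", id ? id : "(rejected)");
    printf("63-byte value   : %d\n", sid_result_for_length(63));
    printf("64-byte value   : %d\n", sid_result_for_length(64));
    printf("200-byte value  : %d\n", sid_result_for_length(200));
    return 0;
}
```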

That said, one mitigating factor somewhat limits its severity. An attacker can only exploit the flaw if he has access to your XTM appliance’s web management interface. By default, physical XTM appliances only allow web management access to the trusted network. As long as you haven’t specifically changed the WatchGuard Web UI policy to allow external access, Internet-based attackers cannot exploit this flaw against you.

However, this is not the case for XTMv users (the virtual version of our XTM platform). As a virtual appliance, XTMv has no concept of what is internal or external until you attach its virtual interfaces to physical ones, using your hypervisor software. To make its setup easier, XTMv allows access to the web management UI from all interfaces. In other words, this flaw poses a  higher risk to XTMv appliances, if you haven’t restricted the web management policy manually.

Security best practices suggest that you limit access to your security appliance’s management interfaces. If you configure the WatchGuard Web UI policy to limit access to the management interface to only those you trust, this flaw should pose minimal risk. In any case, we still consider it a significant vulnerability, and recommend you upgrade to Fireware XTM 11.8 to fix it.

We’d like to thank Jerome Nokin and Thierry Zoller from Verizon Enterprise Solutions (GCIS Threat and Vulnerability Management) for discovering and responsibly disclosing this flaw, and thank the CERT team for coordinating the disclosure and response.

Update: If you’d like to read a very detailed report on how the researcher found this vulnerability, visit his blog.

Severity rating: High

  • Reflective XSS vulnerabilities in WatchGuard Server Software’s WebCenter (CVE-2013-5702)

WebCenter is the web-based logging and reporting UI that ships with the Server Software included with WSM. The WebCenter web application suffers from a few cross-site scripting (XSS) vulnerabilities involving some of its URL parameters. If an attacker can trick your XTM or WebCenter administrator into clicking a specially crafted link, he could exploit these vulnerabilities to execute script in that user’s browser, under the context of the WebCenter application. Among other things, this means the attacker could do anything in the WebCenter application that your user could do.

However, it would take significant interaction for this attack to succeed. It is a reflected XSS attack, which means the attacker must trick a WebCenter administrator into clicking a link before the attack can take place. Furthermore, the link does not bypass Webcenter’s authentication. This means that unless the victim is already logged on to WebCenter, she would also have to enter her WebCenter credentials before this malicious link would work. Despite these mitigating factors, we still recommend you install 11.8 to fix these XSS flaws quickly.

We’d like to thank Julien Ahrens of RCE Security for bringing this matter to our attention, and disclosing it responsibly.

Severity rating: Medium

Solution Path:

WatchGuard Fireware XTM and WSM 11.8 correct both of these security issues. We recommend you download and install 11.8 to fix these vulnerabilities. You can find more details about 11.8 in our software announcement post.

For older appliances, such as the e-Series devices or XTM 21, 22, and 23 appliances, Fireware XTM 11.6.7 and 11.3.7 also correct this buffer overflow vulnerability.

If, for some reason, you are unable to update your XTM appliances immediately, a few simple workarounds can significantly mitigate these vulnerabilities.

  • Restrict access to your appliance’s web management UI using the WatchGuard Web UI policy.  By default, our physical appliances do not allow external access to the web management UI; meaning Internet-based attackers can’t exploit this cookie buffer overflow flaw. If you like, you can fine-tune our policy even more, further limiting access. For instance, you can restrict access to very specific IP addresses or subnets,  use our user authentication capabilities to restrict access to certain users, or use our mobile VPN options to restrict access to VPN users. The more you limit access, the less likely an attacker could exploit this flaw.
  • Limit access to WebCenter, and train administrators against clicking unsolicited links. If you like, you can also use your XTM appliance and local host firewall policy to limit access to WebCenter (running on tcp port 4130 on your WatchGuard Server). This will minimize the amount of victims a maliciously crafted link would work against. Furthermore, we recommend you train your administrators about the dangers of clicking unsolicited links, especially ones that connect you to security appliances, and ask for additional authentication.

FAQ:

Are any of WatchGuard’s other products affected?

No. These flaws only affect our XTM appliances, and the WebCenter software that ships with WSM Server Software.

What exactly is the vulnerability?

One is a buffer overflow that allows attackers to execute code on your XTM appliance, and another is a cross-site scripting (XSS) vulnerability that could allow an attacker to gain unauthorized access to WebCenter, assuming he can trick an administrator into clicking a malicious link.

Do these give attackers access to my XTM security appliance?

Yes. The buffer overflow flaw could potentially give attackers access to your XTM security appliance. Though the WGagent process involved runs with low OS privileges, it does have enough privilege to access your appliance’s configuration file, and to change things like your passwords. However, attackers could only exploit this flaw if they had access to the web management UI, which most administrators block from the Internet. For most cases, this flaw primarily poses an internal risk.

How serious is the vulnerability?

Mitigating circumstances aside, we consider the buffer overflow flaw a high risk vulnerability, and recommend you update to 11.8 as soon as possible. The XSS flaws pose lesser risk.

How was this vulnerability discovered?

These flaws were discovered by Jerome Nokin and Thierry Zoller of Verizon Enterprise Solutions, and by Julien Ahrens of RCE Security, and were both confidentially reported to WatchGuard through a very responsible process. We thank them all for working with us to keep our customers secure.

Do you have any indication that this vulnerability is being exploited in the wild?

No, at this time we have no indication that these vulnerabilities are being exploited in the wild. However, shortly after our alert, the researcher who discovered the buffer overflow flaw shared his proof of concept (PoC) exploit code publicly. This code makes it easier for unskilled attackers to try and exploit this flaw. To make sure no one can exploit this issue against you, we highly recommend you upgrade to 11.8, or be sure not to expose your web management interface externally.

Who can I contact at WatchGuard if I have more questions?

If you have further questions about this issue, or any other security concerns with WatchGuard products, please contact:

Corey Nachreiner, CISSP.
Director of Security Strategy and Research
WatchGuard Technologies, Inc.
http://www.watchguard.com
corey.nachreiner@watchguard.com

WatchGuard Dimension and Fireware XTM 11.8

WatchGuard is pleased to announce two major new software releases.

WatchGuard Dimension is a public and private cloud-ready network security visibility solution that provides reporting tools that instantly distill key issues and trends, speeding the ability to set meaningful security policies across the network. Available for download from the support center today, key features include:

  • Executive Dashboards provide a high-level view of network activity, and with just a click, users can drill all the way down to individual log data.
  • ThreatMap instantly shows by location where threats are coming from.
  • FireWatch filters traffic in a way that instantly brings your eye to the most critical information on active users and connections.
  • E-mail delivery of reports.
  • A single Executive Summary report that provides an overview of network traffic and security events.

Please read the Release Notes to get a deeper understanding of the new capabilities and options. An interactive demo is also available on the product page.

Fireware XTM 11.8 is also available now and provides powerful new features. Highlights include:

  • Data Loss Prevention prevents costly data breaches by scanning and detecting the transfer of sensitive information over email, web, and FTP.
  • All-new Web UI has enhanced ease of use, and includes popular WatchGuard tools such as Traffic Monitor and the new FireWatch. It supports mobile devices, including iOS.
  • Routed VPNs in 11.8 add tremendous flexibility to the configuration of VPNs in today’s more complex network environments. Many new use cases are supported through the ability to add VPN on a virtual interface.
  • Wireless Access Point enhancements, including manual channel selection.
  • YouTube for Schools.

A more complete list is available online, and a detailed “What’s New in 11.8” presentation is also available.

Note: 11.8 also includes important security updates to fix a buffer overflow flaw, and cross-site scripting (XSS) vulnerabilities in our products. For more details on these issues, see our WatchGuard Security Center post.

Does This Release Pertain to Me?

If you or your customers have an XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 800 Series, 1500 Series, 2500 Series, 1050 or 2050 device and wish to use the new enhancements, you should upgrade to version 11.8. Please read the Release Notes before you upgrade, to understand what’s involved.

Note: Fireware XTM 11.8 does not apply to XTM 21/22/23 appliance owners, or Firebox X e-Series owners.

WatchGuard Dimension is compatible with all XTM appliances.

How Do I Get the Release?

XTM appliances owners who have a current LiveSecurity Service subscription can obtain the XTM OS update or Dimension without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller»
