Most of the online WatchGuard Firebox devices impacted by the flaw were in the U.S., followed by Germany, Italy, the UK, Canada, and France, data from The Shadowserver Foundation revealed. WatchGuard, which addressed the security issue on Sept. 17, noted the possibility of abuse without authentication through the delivery of specially crafted IKEv2 packets to unpatched endpoints.

Only Firebox appliances using IKEv2 VPNs with dynamic gateway peers versions 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1 were reported to be affected by the issue. Organizations have been urged to promptly upgrade to versions 12.11.4, 12.5.13, and 12.3.1_Update3 (B722811), as well as 2025.1.1, to mitigate potential compromise.

Temporary workarounds involving IPSec and IKEv2-secured connections have also been recommended for those with devices that have Branch Office VPNs to static gateway peers.