Versions (2)
Version DetailsCurrent
Rev: 1 • Oct 17, 2025, 12:00 PMET INFO WatchGuard Fireware OS IKEv2 Unauthenticated Vulnerable Version Disclosure (CVE-2025-9242)
alert udp $HOME_NET 500 -> any any (msg:"ET INFO WatchGuard Fireware OS IKEv2 Unauthenticated Vulnerable Version Disclosure (CVE-2025-9242)"; flow:stateless,to_client; content:"|21 20 22 20|"; offset:16; depth:4; content:"|22 00|"; distance:8; within:2; content:"|bf c2 2e 98 56 ba 99 36|"; fast_pattern; base64_decode:offset 24,relative; base64_data; content:"VN|3d|"; pcre:"/^(?!(?:12\.(?:11\.[4-9]|1[3-9]|[2-9]\d+)|11\.1[02]\.[2-9])|2025\.1\x20).+\x20?/R"; reference:url,labs.watchtowr.com/yikes-watchguard-fireware-os-ikev2-out-of-bounds-write-cve-2025-9242/; reference:cve,2025-9242; classtype:misc-attack; sid:2065235; rev:1; metadata:attack_target Networking_Equipment, created_at 2025_10_17, cve CVE_2025_9242, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_10_17; target:src_ip;)
Oct 17, 2025, 12:00 PM
Oct 17, 2025, 12:00 PM
Oct 17, 2025, 8:36 PM
Oct 20, 2025, 3:34 PM
rules/emerging-info.rules