The Cybersecurity and Infrastructure Security Agency has required federal civilian agencies and other organizations across the U.S. to patch the actively exploited high-severity privilege escalation vulnerability in WatchGuard Firebox and XTM firewall appliances, tracked as CVE-2022-23176, by May 2, reports BleepingComputer. Russian state-sponsored hacking group Sandworm has leveraged the Cyclops Blink malware to target nearly 1% of all WatchGuard firewall appliances, according to WatchGuard. "WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access," said WatchGuard. Cyclops Blink has already been removed from impacted devices after the successful disruption of the botnet. "I should caution that as we move forward, any Firebox devices that acted as bots, may still remain vulnerable in the future until mitigated by their owners. So those owners should still go ahead and adopt Watchguard's detection and remediation steps as soon as possible," said FBI Director Christopher Wray.