Sophos customers should make sure their firewall devices are up to date with the latest updates, as the vendor has addressed several security vulnerabilities. Exploiting these vulnerabilities could allow various malicious actions, including code execution attacks.
Multiple Vulnerabilities Patched in Sophos Firewall
According to its recent advisory, Sophos addressed at least three vulnerabilities in the Sophos Firewall. Specifically, these vulnerabilities include:
- CVE-2024-12727 (critical severity; CVSS 9.8): an SQL injection vulnerability affecting the email protection feature. This pre-auth vulnerability could let an adversary gain access to the target firewall's reporting database and carry out remote code execution attacks. Exploiting this vulnerability requires the firewall to run in High Availability (HA) mode with a specific Secure PDF eXchange (SPX) configuration enabled.
- CVE-2024-12728 (critical severity; CVSS 9.8): this vulnerability existed because of weak credentials, allowing an adversary to gain elevated privileges via SSH to the target Sophos Firewall.
- CVE-2024-12729 (high severity; CVSS 8.8): a post-auth code injection vulnerability in the User Portal. Exploiting the flaw could let an authenticated adversary execute code on the target system.
Of these, two vulnerabilities, CVE-2024-12727 and CVE-2024-12729, caught the attention of external security researchers, who reported the flaws to Sophos through the firm's bug bounty program. Sophos' internal researchers discovered the third vulnerability.
These vulnerabilities affected Sophos Firewall v21.0 GA (21.0.0) and older. The firm patched all of them, initially releasing hotfixes. Later, it rolled out the patches with v20 MR3, v21 MR1, and newer versions. The vendor ensured protection of all vulnerable systems by keeping automatic hotfix installation as the default. Nonetheless, users should still check their systems for available updates with stable releases.
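To turn the version thresholds above into a fleet triage list, the following script (an added example written for this page, not Sophos code or anything from the advisory) parses firmware version strings and flags devices that predate v20 MR3 or v21 MR1. The version string format it accepts ("21.0.0 GA", "20.0.3 MR-3", "v21 MR1") and the inventory it runs over are assumptions constructed for the example; the affected and fixed versions are the ones the article states. It checks the release version only and cannot see whether the earlier hotfix was auto-installed, so an "update" verdict means "confirm and patch", not "confirmed exploitable".

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Thresholds as stated in the advisory summary: v21.0 GA (21.0.0) and older are
# affected; fixes shipped in v20 MR3, v21 MR1 and newer. GA is treated as MR 0.
FIXED_MR = {20: 3, 21: 1}
FIRST_FIXED_MAJOR = 22  # any later major line ships with the fix

# Assumed version string format for this example, e.g. "21.0.0 GA",
# "20.0.3 MR-3", "v21 MR1". Real device output may differ; adjust the regex.
_VERSION_RE = re.compile(r"^v?(\d+)(?:\.\d+)*\s*(?:GA|MR[ -]?(\d+))?", re.IGNORECASE)


class FirewallVersion(NamedTuple):
    major: int
    mr: int  # maintenance release number; 0 for GA


def parse_version(text: str) -> Optional[FirewallVersion]:
    """Parse a version string into (major, mr); None if it does not match."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major = int(m.group(1))
    mr = int(m.group(2)) if m.group(2) else 0
    return FirewallVersion(major, mr)


def needs_update(version: FirewallVersion) -> bool:
    """True when the release predates the fix for CVE-2024-12727/12728/12729.

    This looks at the release version only; a device that received the
    hotfix but still reports an older version will be flagged for review.
    """
    if version.major >= FIRST_FIXED_MAJOR:
        return False
    fixed_mr = FIXED_MR.get(version.major)
    if fixed_mr is None:
        # Major lines older than v20 have no listed fix release: must upgrade.
        return True
    return version.mr < fixed_mr


# Constructed sample inventory (hostname, reported version) for this example.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("fw-branch-01", "21.0.0 GA"),
    ("fw-branch-02", "20.0.2 MR-2"),
    ("fw-hq-01", "21.0.1 MR-1"),
    ("fw-lab-01", "19.5.3 MR-3"),
    ("fw-dc-01", "20.0.3 MR-3"),
    ("fw-bad-entry", "unknown"),
]


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, verdict) pairs; verdict is 'update', 'ok' or 'unparsed'."""
    results = []
    for host, raw in inventory:
        v = parse_version(raw)
        if v is None:
            results.append((host, "unparsed"))  # needs a manual look
        elif needs_update(v):
            results.append((host, "update"))
        else:
            results.append((host, "ok"))
    return results


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {verdict}")
```

Unparseable entries are reported rather than silently skipped, so a malformed inventory record cannot hide a vulnerable device.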
Besides patching the vulnerabilities, Sophos shared various mitigation strategies to protect devices where applying an immediate fix isn't feasible. These include securing SSH access and disabling WAN access to the User Portal and WebAdmin.
The firm has confirmed that it has detected no active exploitation of any of these vulnerabilities. Nonetheless, users should update their devices with the security fixes as soon as possible to avoid potential threats.