
Sophos users should update their firewall devices with the latest patches, as the vendor has addressed multiple security vulnerabilities. Exploiting these flaws could allow a range of malicious actions, including code execution attacks.

Multiple Vulnerabilities Patched in Sophos Firewall

According to its latest advisory, Sophos has addressed at least three vulnerabilities in Sophos Firewall. Specifically, these are:

  1. CVE-2024-12727 (critical severity; CVSS 9.8): A pre-authentication SQL injection vulnerability in the email protection feature. An attacker could use it to access the firewall's reporting database without logging in and, from there, achieve remote code execution. Exploitation requires the firewall to run in High Availability (HA) mode with a specific Secure PDF Exchange (SPX) configuration enabled.
  2. CVE-2024-12728 (critical severity; CVSS 9.8): A weak-credential vulnerability that could allow attackers to gain elevated access to the Sophos Firewall over SSH.
  3. CVE-2024-12729 (high severity; CVSS 8.8): A post-authentication code injection vulnerability in the User Portal. An authenticated attacker could exploit it to run commands on the target device.

Two of these, CVE-2024-12727 and CVE-2024-12729, were found by external security researchers, who reported them to Sophos through the company's bug bounty program. Sophos' internal researchers discovered the third.

These vulnerabilities affect Sophos Firewall v21.0 GA (21.0.0) and older. Sophos patched all of them, initially as hotfixes, and later rolled the fixes into v20 MR3, v21 MR1, and newer releases. Because hotfix installation is enabled by default, vulnerable systems received the fix automatically; users should nonetheless verify that their devices are running a fixed stable release.

Besides patching the vulnerabilities, Sophos also published several mitigations for devices that cannot be updated immediately. These include securing SSH access and disabling WAN access to the User Portal and WebAdmin.
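As an added illustration (not Sophos code or a Sophos tool), the script below turns the two points above into a defender's triage check: it decides whether a firmware version predates the fixed releases the article names (20 MR3 = 20.0.3, 21 MR1 = 21.0.1), and it reports whether SSH, the User Portal or WebAdmin still answer on the firewall's own WAN address. The port numbers (22, 443, 4444) are assumed defaults, and the WAN address used at the bottom is a documentation address, not a real device.

```python
"""Triage helper for the Sophos Firewall advisory (added example, not vendor code)."""
import re
import socket
from typing import Callable, Dict, Tuple

# Earliest release per major line that carries the fixes, per the article:
# v20 MR3 -> 20.0.3, v21 MR1 -> 21.0.1
FIXED_RELEASE = {20: (20, 0, 3), 21: (21, 0, 1)}

# Assumed default listening ports for the services the mitigation advice names.
WAN_SERVICES = {"ssh": 22, "user_portal": 443, "webadmin": 4444}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Accept 'v21 MR1', '21.0 MR3', '20.0.3' or '21.0.0 GA' style strings."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*(?:MR(\d+)|GA)?", text.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch, mr = m.groups()
    return (int(major), int(minor or 0), int(patch or mr or 0))


def needs_update(version: str) -> bool:
    """True when the firmware is older than the fixed release for its major line.
    Lines below 20 are affected but have no fixed release cited, so they need an
    upgrade; lines above 21 are newer than every fixed release listed."""
    v = parse_version(version)
    fixed = FIXED_RELEASE.get(v[0])
    if fixed is None:
        return v[0] < 21
    return v < fixed


def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Plain TCP connect probe against your own firewall's external address."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(version: str, wan_ip: str,
           probe: Callable[[str, int], bool] = tcp_open) -> Dict[str, object]:
    """Combine the version check with a WAN-exposure check. `probe` is
    injectable so the logic can be exercised offline without a device."""
    exposed = [name for name, port in WAN_SERVICES.items() if probe(wan_ip, port)]
    return {"needs_update": needs_update(version), "wan_exposed": exposed}


if __name__ == "__main__":
    print(triage("21.0.0 GA", "192.0.2.1"))  # 192.0.2.1: documentation address (constructed)
```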

The company confirmed that none of these vulnerabilities has been exploited in the wild. Nonetheless, users should apply the security fixes as soon as possible.
