2024-12-19
Sophos has swiftly released critical hotfixes to address three severe security flaws in its Firewall products. These vulnerabilities, if exploited, could potentially lead to remote code execution and unauthorized system access.
The Vulnerabilities
The three vulnerabilities are as follows:
CVE-2024-12727 (CVSS score: 9.8): A pre-authentication SQL injection vulnerability in the email protection feature, exploitable when specific configurations are enabled.
CVE-2024-12728 (CVSS score: 9.8): A weak credentials vulnerability in the High Availability (HA) cluster initialization process, leaving a privileged account exposed.
CVE-2024-12729 (CVSS score: 8.8): A post-authentication code injection vulnerability in the User Portal, allowing authenticated users to execute malicious code.
While
Affected Products and Patches
The vulnerabilities primarily affect Sophos Firewall versions 21.0 GA (21.0.0) and older. Hotfixes have been released to address these issues:
CVE-2024-12727: v21 MR1 and newer, along with specific hotfixes for older versions.
CVE-2024-12728: v20 MR3, v21 MR1 and newer, with hotfixes for older versions.
CVE-2024-12729: v21 MR1 and newer, with hotfixes for older versions.
User Recommendations
Sophos advises users to follow these steps to ensure the hotfixes are applied:
For CVE-2024-12727: Check the hotfix status using the `cat /conf/nest_hotfix_status` command in the Advanced Shell.
For CVE-2024-12728 and CVE-2024-12729: Check the version information using the `system diagnostic show version-info` command in the Device Console.
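The fix matrix and verification steps above can be applied as a triage pass over a firewall inventory. This is an added example, not code from Sophos or the original post; the hostnames and release labels in the inventory are constructed, and treating v20 MR3 as an exact match (rather than "v20 MR3 and newer") is a conservative assumption.

```python
import re

# Fix matrix as stated in the article. "and newer" applies to v21 MR1;
# v20 MR3 is matched exactly (assumption: conservative reading).
FIXED_FROM = (21, 0, 1)                          # v21 MR1
EXACT_FIXED = {"CVE-2024-12728": {(20, 0, 3)}}   # v20 MR3
# Verification step the article gives for each CVE.
CHECK = {
    "CVE-2024-12727": "Advanced Shell: cat /conf/nest_hotfix_status",
    "CVE-2024-12728": "Device Console: system diagnostic show version-info",
    "CVE-2024-12729": "Device Console: system diagnostic show version-info",
}
LABEL = re.compile(r"^v?(\d+)(?:\.(\d+))?\s*(GA|MR(\d+))$", re.IGNORECASE)

def parse_release(label):
    """Turn 'v21 MR1' or '21.0 GA' into (major, minor, mr); GA counts as MR0."""
    m = LABEL.match(label.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2) or 0), int(m.group(4) or 0))

def triage(label):
    """Return {cve: action} for one firewall's release label."""
    rel = parse_release(label)
    result = {}
    for cve, check in CHECK.items():
        # An unparseable label is never assumed fixed.
        fixed = rel is not None and (
            rel >= FIXED_FROM or rel in EXACT_FIXED.get(cve, set()))
        result[cve] = "fixed by release" if fixed else "verify hotfix -> " + check
    return result

# Constructed inventory (sample hostnames and release labels).
INVENTORY = {"fw-hq": "v21 MR1", "fw-branch": "v20 MR3",
             "fw-lab": "21.0 GA", "fw-old": "unknown build"}

if __name__ == "__main__":
    for host, label in INVENTORY.items():
        for cve, action in triage(label).items():
            print(f"{host:10} {label:14} {cve}  {action}")
```

Any device reported as "verify hotfix" still needs the listed command run on the firewall itself; the release label alone cannot confirm that a hotfix was applied.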
As temporary workarounds, Sophos recommends:
Restricting SSH access to the dedicated HA link.
Reconfiguring HA with a strong, random passphrase.
Disabling WAN access via SSH.
Ensuring User Portal and Webadmin are not exposed to the WAN.
What Undercode Says:
The rapid release of these critical patches underscores the evolving threat landscape and the importance of staying up-to-date with security updates. These vulnerabilities, if exploited, could have severe consequences for organizations relying on Sophos Firewall.
It’s crucial to prioritize the application of these hotfixes and implement the recommended security measures. Regular security audits, vulnerability assessments, and strong security practices are essential to protect against emerging threats.
By staying informed and taking proactive steps, organizations can mitigate the risks associated with these vulnerabilities and safeguard their IT infrastructure.
References:
Reported By: Thehackernews.com