Sophos Firewall Vulnerabilities Could Allow Remote Attacks

Sophos users should ensure their firewall devices are running the latest updates, which address several security vulnerabilities. These vulnerabilities could be exploited for various malicious actions, including remote code execution.
Multiple Vulnerabilities Patched In Sophos Firewall
According to a recent advisory, Sophos has patched at least three vulnerabilities in the Sophos Firewall. These vulnerabilities include:
- CVE-2024-12727 (critical severity; CVSS 9.8): an SQL injection vulnerability affecting the email protection feature. This vulnerability could allow an attacker to gain access to the target firewall’s reporting database and achieve remote code execution.
- CVE-2024-12728 (critical severity; CVSS 9.8): a weak-credentials vulnerability enabling an attacker to gain elevated privileges via SSH on the target Sophos Firewall.
- CVE-2024-12729 (high severity; CVSS 8.8): A post-auth code injection vulnerability in the User Portal, allowing an authenticated attacker to execute code on the target device.
Two of these vulnerabilities were reported by external security researchers through Sophos’ bug bounty program, while the third was discovered internally by Sophos researchers.
These vulnerabilities affected Sophos Firewall v21.0 GA (21.0.0) and older versions. Sophos has released patches for all vulnerabilities, initially as hotfixes and later integrated into v20 MR3, v21 MR1, and newer versions. Users are advised to check for updates and run a stable release to ensure the security of their systems.
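The affected and fixed versions above are the information a defender actually needs when sweeping an estate of firewalls. The following Python helper is an added example, not code from the article or from Sophos: it parses the version strings an inventory typically holds and sorts each device into "needs update", "fixed" or "unknown" against the fixed releases the advisory names. It assumes that Sophos' "v20 MR3" and "v21 MR1" correspond to numeric builds 20.0.3 and 21.0.1 (GA = patch level 0, MRn = patch level n); adjust the `FIXED` table if your release notes say otherwise.

```python
"""Triage helper for the Sophos Firewall advisory (CVE-2024-12727/12728/12729).

Added example, not Sophos' code. Assumption: the fixed releases named in the
advisory, v20 MR3 and v21 MR1, map to numeric builds 20.0.3 and 21.0.1, with
GA = patch level 0 and MRn = patch level n. Adjust FIXED if your release
notes differ.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Earliest fixed maintenance release per major line, as stated in the
# advisory (v20 MR3, v21 MR1). The numeric mapping MRn -> .n is an assumption.
FIXED: Dict[int, Tuple[int, int, int]] = {20: (20, 0, 3), 21: (21, 0, 1)}

# Accepts '21.0.0', 'v21.0 GA', '20.0 MR3', 'v20.0.3 MR-3' and similar forms.
_VERSION_RE = re.compile(
    r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*(?:(GA)|MR-?(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse a Sophos-style version string into (major, minor, patch).

    Returns None when the string is not understood, so callers can report
    the device as 'unknown' instead of silently treating it as fixed.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major = int(m.group(1))
    minor = int(m.group(2) or 0)
    patch = int(m.group(3) or 0)
    mr = m.group(5)
    if mr is not None:
        # 'MRn' names the maintenance release; take it as the patch level
        # (it confirms the third numeric field when both are present).
        patch = max(patch, int(mr))
    return (major, minor, patch)


def needs_update(version_text: str) -> Optional[bool]:
    """True if the build predates the first fixed release of its line,
    False if it already carries the fix, None if the version is unparsable."""
    v = parse_version(version_text)
    if v is None:
        return None
    major = v[0]
    if major in FIXED:
        return v < FIXED[major]
    if major < min(FIXED):
        # The advisory covers 'v21.0 GA and older versions' and lists no fixed
        # MR for lines before v20, so anything older must be upgraded.
        return True
    # Lines newer than v21 ship with the fix integrated, per the advisory.
    return False


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (device name, version string) pairs for a remediation report."""
    report: Dict[str, List[str]] = {"needs_update": [], "fixed": [], "unknown": []}
    for name, version in inventory:
        status = needs_update(version)
        if status is None:
            report["unknown"].append(name)
        elif status:
            report["needs_update"].append(name)
        else:
            report["fixed"].append(name)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-hq-1", "21.0.0 GA"),     # affected GA build named in the advisory
    ("fw-hq-2", "v21.0 MR1"),     # first fixed release on the v21 line
    ("fw-branch-1", "20.0.2"),    # predates v20 MR3
    ("fw-branch-2", "20.0 MR3"),  # first fixed release on the v20 line
    ("fw-lab", "19.5 MR4"),       # older line, no fixed MR listed
    ("fw-dr", "22.0 GA"),         # newer line, fix integrated
    ("fw-legacy", "unknown build"),
]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Devices that land in "unknown" deserve a manual look rather than being assumed safe; the parser deliberately refuses to guess at strings it does not recognise.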
In addition to patching the vulnerabilities, Sophos has shared mitigation strategies for devices where immediate patching is not possible. These include securing SSH access and disabling WAN access to the User Portal and WebAdmin.
Sophos has confirmed that there have been no active exploits of these vulnerabilities. However, users are urged to update their devices promptly to protect against potential threats.