Sophos Firewall Vulnerabilities Could Allow Remote Attacks
Sophos users should ensure that their firewall devices are running the latest updates, which address several security vulnerabilities. These vulnerabilities could be exploited for various malicious actions, including code execution attacks.
Multiple Vulnerabilities Patched In Sophos Firewall
According to a recent advisory, Sophos has patched at least three vulnerabilities in the Sophos Firewall. These vulnerabilities include:
- CVE-2024-12727 (critical severity; CVSS 9.8): An SQL injection vulnerability affecting the email protection feature. This vulnerability could allow an attacker to gain access to the target firewall’s reporting database and achieve remote code execution.
- CVE-2024-12728 (critical severity; CVSS 9.8): This vulnerability was due to weak credentials, enabling an attacker to gain elevated privileges via SSH on the target Sophos Firewall.
- CVE-2024-12729 (high severity; CVSS 8.8): A post-auth code injection vulnerability in the User Portal, allowing an authenticated attacker to execute code on the target device.
Two of these vulnerabilities were reported by external security researchers through Sophos’ bug bounty program, while the third was discovered internally by Sophos researchers.
These vulnerabilities affected Sophos Firewall v21.0 GA (21.0.0) and older versions. Sophos has released patches for all vulnerabilities, initially as hotfixes and later integrated into v20 MR3, v21 MR1, and newer versions. Users are advised to check for updates and install the stable releases to ensure the security of their systems.
In addition to patching the vulnerabilities, Sophos has shared mitigation strategies for devices where immediate patching is not possible. These strategies include securing SSH access and disabling WAN access to User Portal and WebAdmin.
Sophos has confirmed that there have been no active exploits of these vulnerabilities. However, users are urged to update their devices promptly to protect against potential threats.