Tech News
Sophos Firewall Vulnerabilities Could Allow Remote Attacks
Sophos users should ensure that their firewall devices are updated with the latest updates to address several security vulnerabilities. These vulnerabilities could be exploited for various malicious actions, including code execution attacks.
Multiple Vulnerabilities Patched In Sophos Firewall
According to a recent advisory, Sophos has patched at least three vulnerabilities in the Sophos Firewall. These vulnerabilities include:
- CVE-2024-12727 (critical severity; CVSS 9.8): an SQL injection vulnerability affecting the email protection feature. This vulnerability could allow an attacker to gain access to the target Firewall’s reporting database and execute remote code execution attacks.
- CVE-2024-12728 (critical severity; CVSS 9.8): This vulnerability was due to weak credentials, enabling an attacker to gain elevated privileges via SSH on the target Sophos Firewall.
- CVE-2024-12729 (high severity; CVSS 8.8): A post-auth code injection vulnerability in the User Portal, allowing an authenticated attacker to execute code on the target device.
Two of these vulnerabilities were reported by external security researchers through Sophos’ bug bounty program, while the third was discovered internally by Sophos researchers.
These vulnerabilities affected Sophos Firewall v21.0 GA (21.0.0) and older versions. Sophos has released patches for all vulnerabilities, initially as hotfixes and later integrated into v20 MR3, v21 MR1, and newer versions. Users are advised to check for updates with stable releases to ensure the security of their systems.
In addition to patching the vulnerabilities, Sophos has shared mitigation strategies for devices where immediate patching is not possible. These strategies include securing SSH access and disabling WAN access to User Portal and WebAdmin.
Sophos has confirmed that there have been no active exploits of these vulnerabilities. However, users are urged to update their devices promptly to protect against potential threats.
Share your thoughts in the comments section below.
B.C. Hudson’s Bay manager seriously injured after attack inside store – BC
How to Brighten Your Morning (and Whole Day): 7 Powerful Habits
Rebecca Minkoff Says She Didn’t Intend For Pregnancy Rumor To “Trick” ‘RHONY’ Fans: “It Wasn’t A Prank”
Onimusha 2: Samurai’s Destiny remaster announced
Former Whoop exec’s new app Alma uses AI for all things nutrition
Samsung Galaxy S26 Ultra Selfie Camera Could Be Invisible
An Unbound Trump Pushes an Improbable Plan for Gaza
Sudan’s paramilitary RSF falters amid tactical blunders and supply shortfalls
Nintendo Switch 2 “cannot come soon enough”, analyst says for sales-related reasons, rather than just being desperate to play things on it like the rest of us
A new government minister for AI has yet to use ChatGPT
Singapore Airlines CEO set to join board of Air India, BA News, BA
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
Croatia to reintroduce compulsory military draft as regional tensions soar
The Top 20 Motivational Instagram Accounts to Follow (2024)
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
15 Best Magnetic Tile Race Tracks for Kids!
Satisfy Your Meat and BBQ Cravings While in Texas
Soccer team’s drone at center of Paris Olympics spying scandal
15 of the Best Trike & Tricycles Mums Recommend
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Destination4 months agoSingapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News8 months agoBangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Breaking News6 months agoCroatia to reintroduce compulsory military draft as regional tensions soar
-
Motivation8 months agoThe Top 20 Motivational Instagram Accounts to Follow (2024)
-
Gaming6 months agoThe Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Toys6 months ago15 Best Magnetic Tile Race Tracks for Kids!
-
Guides & Tips7 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Tech News7 months agoSoccer team’s drone at center of Paris Olympics spying scandal