Users of Sophos firewall devices are urged to update their systems with the latest patches to address several security vulnerabilities. Exploiting these vulnerabilities could lead to potentially harmful actions, including code execution attacks.
Multiple Security Flaws Fixed in Sophos Firewall
As per a recent advisory from Sophos, the company has fixed three vulnerabilities in their Sophos Firewall. These vulnerabilities include:
- CVE-2024-12727 (critical severity; CVSS 9.8): An SQL injection flaw affecting the email protection feature, allowing attackers to access the firewall’s reporting database and execute remote code attacks.
- CVE-2024-12728 (critical severity; CVSS 9.8): Weak credentials vulnerability enabling unauthorized access via SSH.
- CVE-2024-12729 (high severity; CVSS 8.8): Code injection vulnerability in the User Portal, allowing authenticated users to execute malicious code.
While external researchers reported two vulnerabilities, Sophos’ internal team discovered the third. Sophos released patches for these vulnerabilities in versions v20 MR3, v21 MR1, and newer, ensuring the security of all affected systems.
Additionally, Sophos recommended mitigation measures for systems where immediate patching is not feasible, such as securing SSH access and disabling WAN access to User Portal and WebAdmin.
Although there have been no reported exploits of these vulnerabilities, users are advised to apply the security updates promptly to mitigate potential risks.
Share your thoughts in the comments section below!
