CyberSecurity updates
2024-12-26 18:14:51 Pacific

Sophos Firewall Fixes Critical Remote Execution Flaws - 6d
Read more: securityonline.info

Sophos has released hotfixes to address three critical security vulnerabilities affecting Sophos Firewall products. The vulnerabilities, identified as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, could allow attackers to achieve remote code execution and gain privileged system access under specific conditions. Two of the vulnerabilities are rated as critical. CVE-2024-12727 is a pre-authentication SQL injection flaw in the email protection feature that may result in remote code execution. CVE-2024-12728 arises from a weak SSH login passphrase that is used during High Availability cluster initialization and remains active, potentially exposing a privileged system account. The third, CVE-2024-12729, is a post-authentication code injection vulnerability in the User Portal.

These vulnerabilities impact Sophos Firewall versions 21.0 GA (21.0.0) and older. Sophos estimates that CVE-2024-12727 impacts approximately 0.05% of devices, while CVE-2024-12728 affects about 0.5%. Hotfixes have been issued for various versions, including v21 MR1 and newer, and are recommended for all affected users. Users can verify that the hotfix has been applied by launching the Advanced Shell or Device Console and running specific commands. As temporary workarounds while patching, Sophos recommends restricting SSH access, reconfiguring HA with a strong passphrase, and disabling SSH access from the WAN.