- Sophos says it discovered and fixed three flaws in its firewall products
- The flaws allow remote code execution and privilege escalation
- There are workarounds available for those unable to apply the patch
Sophos recently discovered and fixed three bugs in its firewall products, and because of their severity it is urging users to apply the fixes as soon as possible. Those unable to do so should at least apply the recommended workarounds.
The company’s security bulletin notes that the three vulnerabilities can be abused for remote code execution and privileged access to the system. Two of the defects are rated Critical (CVSS 9.8) and the third is rated High (CVSS 8.8).
Multiple versions of Sophos Firewall are affected, and different versions are susceptible to different flaws. Regardless of version, the company urges all users to update their firewalls to the latest release to avoid being targeted.
Possible solutions
The way to confirm that a fix is in place depends on the vulnerability in question. For CVE-2024-12727, enable Device Management, open the Advanced Shell from the Sophos Firewall console and run the command “cat /conf/nest_hotfix_status”.
For the remaining two flaws, launch the Device Console from the Sophos Firewall console and run the command “system diagnostic show version-info”. In both cases, compare the output with the value the Sophos bulletin lists for a patched device; a device that does not show that value has not received the hotfix.
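When you have more than a handful of firewalls, it is worth capturing the output of those two commands from each device and evaluating it in one place. The script below is an added example, not code from the article or from Sophos. It assumes that /conf/nest_hotfix_status holds a single integer and that a patched device reports a value at or above a threshold (320 is used here as an assumed value; confirm it against the bulletin), and it assumes that “system diagnostic show version-info” prints a line of the form “Hotfix: Yes”. The sample outputs are constructed for illustration.

```python
"""Evaluate captured Sophos Firewall hotfix-verification output.

Added example; the file format, the 'Hotfix:' line and the 320 threshold
are assumptions, not taken from the article. Check them against the bulletin.
"""
import re

# Assumed threshold for /conf/nest_hotfix_status (CVE-2024-12727).
NEST_HOTFIX_MIN = 320


def nest_hotfix_applied(status_text: str, minimum: int = NEST_HOTFIX_MIN) -> bool:
    """Interpret the contents of /conf/nest_hotfix_status.

    Anything that is not a number (empty file, error message) is treated
    as 'not patched' so that a broken capture never reads as safe.
    """
    match = re.search(r"\d+", status_text)
    if match is None:
        return False
    return int(match.group()) >= minimum


def console_hotfix_applied(version_info: str) -> bool:
    """Interpret 'system diagnostic show version-info' output.

    Looks for a 'Hotfix: Yes' line (assumed format); any other value,
    or a missing line, counts as not patched.
    """
    for line in version_info.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "hotfix":
            return value.strip().lower() == "yes"
    return False


def triage(devices: dict) -> dict:
    """Map device name -> (nest_status_text, version_info_text) to a report
    of device name -> list of fixes that are still missing. Patched devices
    are omitted, so an empty dict means the whole fleet is done."""
    report = {}
    for name, (nest_status, version_info) in devices.items():
        missing = []
        if not nest_hotfix_applied(nest_status):
            missing.append("CVE-2024-12727")
        if not console_hotfix_applied(version_info):
            missing.append("hotfix for the other two flaws")
        if missing:
            report[name] = missing
    return report


# Constructed sample captures, as if collected from three devices.
SAMPLE_DEVICES = {
    "fw-branch-01": ("320\n", "Version: SFOS 21.0.0 GA\nHotfix: Yes\n"),
    "fw-branch-02": ("318\n", "Version: SFOS 20.0.2 MR-2\nHotfix: No\n"),
    "fw-dc-01": ("", "Hotfix: Yes\n"),   # empty status file: treat as unpatched
}

if __name__ == "__main__":
    for device, missing in sorted(triage(SAMPLE_DEVICES).items()):
        print(f"{device}: still missing {', '.join(missing)}")
```

The report treats every ambiguous capture as unpatched, which is the right default for a verification step: a device that cannot prove it has the hotfix should stay on the list until someone looks at it.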
Users who are unable to apply the patch should at least apply the recommended workarounds, which include restricting SSH access to the physically separate, dedicated HA link only. Additionally, HA should be reconfigured with a sufficiently long, random custom passphrase.
Finally, disable WAN access via SSH and ensure that the user portal and webadmin are not exposed to the WAN.
For more details about the bugs, including their CVE identifiers, please visit this link.
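The last two workarounds are easy to state and easy to get wrong, so it pays to check them from the outside rather than trusting the rule set. The script below is an added example, not code from the article or from Sophos. It assumes the default Sophos Firewall listeners (SSH on TCP 22, the user portal on TCP 443, webadmin on TCP 4444) and should be run from a host on the Internet side of the firewall against its WAN address; the probe function is injectable so the logic can be exercised offline. It also includes a passphrase generator for the HA reconfiguration step, using the standard library’s secrets module.

```python
"""Check WAN exposure of SSH, the user portal and webadmin, and generate an
HA passphrase. Added example; port numbers are assumed defaults, verify
them against the device's own configuration.
"""
import secrets
import socket
import string
import sys

# Services the workaround says must not be reachable from the WAN
# (assumed default ports).
WAN_SHOULD_BE_CLOSED = {
    22: "SSH",
    443: "User Portal",
    4444: "WebAdmin",
}


def tcp_connect_ok(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_services(host: str, ports=None, probe=tcp_connect_ok) -> dict:
    """Return {port: service} for the listeners reachable on `host`.

    `probe` defaults to a real TCP connect; pass a stand-in for tests.
    An empty result means none of the listed services answered.
    """
    ports = WAN_SHOULD_BE_CLOSED if ports is None else ports
    return {port: name for port, name in ports.items() if probe(host, port)}


# Alphabet for the HA passphrase: letters, digits and a few punctuation
# characters that are safe to type into the HA configuration form.
PASSPHRASE_ALPHABET = string.ascii_letters + string.digits + "-_.!@#%^*"


def generate_ha_passphrase(length: int = 32) -> str:
    """Random passphrase from a CSPRNG; refuses obviously short lengths."""
    if length < 20:
        raise ValueError("HA passphrase should be at least 20 characters")
    return "".join(secrets.choice(PASSPHRASE_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wan_check.py <firewall WAN address>")
    target = sys.argv[1]
    found = exposed_services(target)
    if found:
        for port, name in sorted(found.items()):
            print(f"{target}:{port} ({name}) is reachable from here;"
                  " restrict it per the workaround")
    else:
        print(f"none of {sorted(WAN_SHOULD_BE_CLOSED)} reachable on {target}")
    print("suggested HA passphrase:", generate_ha_passphrase())
```

A reachable port is a finding even if the service behind it demands authentication: the point of the workaround is to remove the attack surface, not to rely on the login page. Re-run the check after each rule change and again after the hotfix lands, since the exposure advice stands on its own.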
Firewalls are a prime target for cyberattacks because they act as the primary gatekeeper between the internal network and external threats, making them a critical defense point for sensitive data and systems.
Compromising a firewall can give an attacker privileged access to the network, bypassing security controls and exposing the systems behind it to further exploitation. In addition, firewalls often store valuable configuration data and access credentials that attackers can use to escalate attacks or maintain persistent access.
through Hacker News