Sophos hotfixes remote code execution vulnerabilities in Firewall
- Sophos says it found, and patched, three flaws in its firewall product
- The flaws allowed for RCE and privilege escalation
- Those unable to apply the patch can use a workaround
Sophos has recently discovered, and patched, three bugs in its Firewall product, and given the severity, has urged users to apply the fixes as soon as possible. Those that cannot do that are advised to at least apply the suggested mitigation workarounds.
A security advisory from the company notes the three vulnerabilities can be abused for remote code execution, privileged system access, and more. Two of the flaws were given a critical severity score (9.8), with the third one being high-severity (8.8).
Multiple versions of the Sophos Firewall were said to be affected, although different versions seem to be susceptible to different flaws. Still, the company urges all users to bring their endpoints to the latest version and avoid getting targeted.
Workaround possible
Patching also differs, depending on the vulnerability in question. For CVE-2024-12727 users should launch Device Management, navigate to Advanced Shell from the Sophos Firewall console, and run the command “cat /conf/nest_hotfix_status”.
For the remaining two flaws, users should launch Device Console from the Sophos Firewall console, and run the command “system diagnostic show version-info”.
Users that cannot apply the patch should at least apply the suggested workaround, which includes restricting SSH access to only the dedicated HA link that is physically separate. Furthermore, users should reconfigure HA using a sufficiently long and random custom passphrase.
Finally, they can disable WAN access via SSH, and make sure that the User Portal and Webadmin are not exposed to WAN.
Further details about the bugs, including the CVEs, can be found on this link.
“Sophos has released hotfixes to address three remote code execution vulnerabilities,” the company told TechRadar Pro in a statement. “Sophos Firewall customers have hotfixes enabled by default, meaning there is no further action to take if this is enabled. Sophos is not aware of any exploitation of these vulnerabilities. It’s important to note that a very small number of firewalls were potentially at risk.”
“We encourage users to check the KBA and Security Advisory and Firewall users can use this link to verify if the hotfix was applied to your firewall.”
Firewalls are major targets in cyberattacks because they act as the primary gatekeepers between internal networks and external threats, making them critical points of defense for sensitive data and systems.
Compromising a firewall can grant attackers privileged access to a network, bypassing security controls and exposing the entire system to further exploitation. Additionally, firewalls often hold valuable configuration data and access credentials, which attackers can leverage to escalate their attacks or maintain persistent access.
Via The Hacker News
You might also like
Sophos says it found, and patched, three flaws in its firewall product The flaws allowed for RCE and privilege escalation Those unable to apply the patch can use a workaround Sophos has recently discovered, and patched, three bugs in its Firewall product, and given the severity, has urged users to…
