Critical Vulnerabilities Found in Sophos Firewall – Act Now!
Sophos has issued critical hotfixes for three vulnerabilities affecting Sophos Firewall versions 21.0 GA and older. The vulnerabilities, disclosed by The Hacker News, include two critical pre-authentication vulnerabilities and a high-severity post-authentication code injection issue.
The Risks
Exploiting these vulnerabilities could have severe consequences, including:
- Remote Code Execution (RCE): Sensitive data could be compromised, and attackers could take complete control of affected firewalls.
- Account Exposure: Attackers could gain unauthorized access to user accounts, potentially leading to data breaches and system compromise.
Sophos estimates that nearly 0.05% of Sophos firewalls are vulnerable to the critical pre-auth SQL injection (CVE-2024-12727), while almost 0.5% are vulnerable to the critical weak credentials flaw (CVE-2024-12728). The high-severity post-auth code injection issue (CVE-2024-12729) could also lead to RCE attacks.
What You Need To Do
Sophos has provided hotfixes to address these vulnerabilities. Action is required immediately:
- Apply Hotfixes: Sophos urges all users with vulnerable firewalls to install the provided hotfixes as soon as possible. The specific commands required for each hotfix are noted below.
- Limit SSH Access: Restrict SSH access to only authorized users and consider using multi-factor authentication.
- Review Network Configurations: Disable SSH access from the WAN and isolate the User Portal and Webadmin from the WAN. Consider reconfiguring High Availability clusters.
**Hotfix Execution Commands:**
These commands only read state on the firewall and report its hotfix status; running them does not install anything.
- CVE-2024-12727: Execute "cat /conf/nest_hotfix_status" from the firewall console's Advanced Shell.
- CVE-2024-12728 and CVE-2024-12729: Execute "system diagnostic show version-info" from the firewall console.
Stay Protected
Cybersecurity threats are constantly evolving. Staying informed about vulnerabilities and implementing best practices is crucial for protecting your network. Don’t wait until it’s too late – take action today to secure your Sophos firewall against these critical threats.