- Sophos says it found and fixed three flaws in its firewall product
- Flaws allowed RCE and privilege escalation
- Those who cannot apply the patch can use a workaround.
Sophos recently discovered and fixed three bugs in its Firewall product and, given the severity, urged users to apply the fixes as soon as possible. Those who cannot do so are recommended to at least apply the suggested mitigation solutions.
A security advisory from the company notes that all three vulnerabilities can be abused for remote code execution, privileged system access, and more. Two of the defects received a critical severity score (9.8), and the third was high severity (8.8).
Several versions of Sophos Firewall were said to be affected, although different versions appear to be susceptible to different flaws. Even so, the company urges all users to update their terminals to the latest version and avoid being attacked.
Possible solution
Patches also differ, depending on the vulnerability in question. For CVE-2024-12727, users must launch Device Management, navigate to Advanced Shell from the Sophos Firewall console, and run the “cat /conf/nest_hotfix_status” command.
For the remaining two faults, users should launch Device Console from the Sophos Firewall console and run the “system diagnostic show version-info” command.
Users who cannot apply the patch should at least apply the suggested workaround, which includes restricting SSH access to only the dedicated HA link that is physically separate. Additionally, users must reconfigure HA using a sufficiently long, random custom passphrase.
Finally, they can disable WAN access over SSH and ensure that the User Portal and Webadmin are not exposed to the WAN.
More details about the bugs, including CVEs, can be found at this link.
Firewalls are important targets in cyber attacks because they act as the primary gatekeepers between internal networks and external threats, making them critical points of defense for sensitive systems and data.
Compromising a firewall can give attackers privileged access to a network, bypassing security controls and exposing the entire system to further exploitation. Additionally, firewalls often contain valuable configuration data and access credentials, which attackers can exploit to escalate their attacks or maintain persistent access.
Through Hacker News
