Critical vulnerabilities threaten Sophos firewalls
Important security updates for Sophos firewalls have been released. They install automatically with the default settings.
Attackers can target Sophos firewalls and compromise devices after executing malicious code. However, the company states that only a fraction of its customers are at risk.
The dangers
According to a warning message, the developers have closed a total of three vulnerabilities (CVE-2024-12727 "critical", CVE-2024-12728 "critical", CVE-2024-12729 "high"). According to Sophos, devices are only vulnerable to the first vulnerability if a special configuration of Secure PDF eXchange (SPX) is active. In addition, the firewall must be running in high-availability (HA) mode. This is only the case for around 0.05 percent of devices. If the requirements are met, attackers can execute malicious code remotely.
The second vulnerability is only a threat if SSH and HA are active. This is the case for around 0.5 percent of devices. Attackers may then be able to access a user account with high privileges. The third vulnerability can be used to get malicious code onto devices. However, an attacker must be authenticated for this.
Security updates
Firewalls up to and including v21.0 GA are at risk. Sophos states that the first hotfixes will be released at the end of November 2024. By default, the firewalls are set to install hotfixes automatically. In a post, the developers explain how admins can check whether the hotfixes have already been installed.
(des)