Critical vulnerabilities threaten Sophos’ firewalls

Attackers can target Sophos firewalls and compromise devices after executing malicious code. However, the company states that only a fraction of its customers are at risk.

According to a warning message, developers have closed a total of three vulnerabilities (CVE-2024-12727 "critical", CVE-2024-12728 "critical", CVE-2024-12729 "high"). According to Sophos, devices are only vulnerable to the first vulnerability if a special configuration of Secure PDF eXchange (SPX) is active. In addition, the firewall must be running in high-availability (HA) mode. This is only the case for approximately 0.05 percent of devices; on those, attackers can remotely execute malicious code.

The second vulnerability is only a threat when SSH and HA are active. This is the case with approximately 0.5 percent of the devices. Attackers may then be able to gain access to a user account with high privileges. The third vulnerability can be used to get malicious code onto devices. However, this requires an attacker to be authenticated.

Firewalls up to and including v21.0 GA are at risk. Sophos states that the first hotfixes will be released at the end of November 2024. By default, the firewalls are set to install hotfixes automatically. In a post, the developers explain how administrators can check whether the hotfixes have already been installed.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

By admin
