Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions.
Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows –
The security vendor said CVE-2024-12727 impacts about 0.05% of devices, whereas CVE-2024-12728 affects approximately 0.5% of them. All three identified vulnerabilities impact Sophos Firewall versions 21.0 GA (21.0.0) and older. It has been remediated in the following versions –
To ensure that the hotfixes have been applied, users are being recommended to follow the below-mentioned steps –
As temporary workarounds until the patches can be applied, Sophos is urging customers to restrict SSH access to only the dedicated HA link that is physically separate, and/or reconfigure HA using a sufficiently long and random custom passphrase.
Another security measure that users can take is to disable WAN access via SSH, as well as ensure that User Portal and Webadmin are not exposed to WAN.
The development comes a little over a week after the U.S. government unsealed charges against a Chinese national named Guan Tianfeng for allegedly exploiting a zero-day security vulnerability (CVE-2020-12271, CVSS score: 9.8) to break into about 81,000 Sophos firewalls across the world.
