Sophos identifies security flaws in the firewall, users must patch now
- Sophos says it has found and fixed three flaws in its firewall product
- The flaws enabled RCE and privilege escalation
- Those who cannot apply the patch can use a workaround
Sophos recently discovered and patched three bugs in its Firewall product, and given the severity, has urged users to apply the fixes as soon as possible. Those who cannot are advised to at least implement the suggested mitigation solutions.
A security advisory from the company notes that the three vulnerabilities can be exploited for remote code execution and privileged system access, among other outcomes. Two of the flaws received a critical severity score (9.8), while the third received a high severity score (8.8).
Multiple versions of the Sophos Firewall were said to be affected, although different versions appear to be prone to different flaws. Still, the company urges all users to update their devices to the latest version to avoid being targeted.
Solution possible
Patching also differs depending on the vulnerability in question. For CVE-2024-12727, users need to open Device Manager, navigate to Advanced Shell from the Sophos Firewall console, and run the “cat /conf/nest_hotfix_status” command.
For the other two flaws, users should open Device Console from the Sophos Firewall console and run the “system diagnostic showversion-info” command.
Users who cannot apply the patch should at least apply the suggested workaround, which includes restricting SSH access to the dedicated, physically separate HA link only. Additionally, users must reconfigure HA with a sufficiently long and random custom passphrase.
Finally, they should disable SSH access from the WAN and ensure that the user portal and Webadmin are not exposed to the WAN.
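The workaround above amounts to two checks an administrator can automate: the HA passphrase must be long and random, and SSH, Webadmin and the user portal must not be reachable from the WAN. The following Python script is an added illustration of those checks and is not Sophos code; the 128-bit entropy threshold, the service-to-zone table and the "HA" zone name are constructed assumptions, since the article does not give a configuration format.

```python
import math
import secrets
import string

# Assumption (not from the Sophos advisory): treat 128 bits of entropy as
# "sufficiently long and random" for the HA passphrase.
MIN_PASSPHRASE_BITS = 128
ALPHABET = string.ascii_letters + string.digits


def generate_ha_passphrase(min_bits: int = MIN_PASSPHRASE_BITS) -> str:
    """Draw a passphrase from the CSPRNG with at least min_bits of entropy."""
    bits_per_char = math.log2(len(ALPHABET))
    length = math.ceil(min_bits / bits_per_char)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase_entropy_bits(passphrase: str, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy upper bound, assuming each character was chosen uniformly."""
    return len(passphrase) * math.log2(alphabet_size)


# Constructed example of which zones each admin service listens on. A real
# audit would read this from the firewall's configuration (format assumed).
EXAMPLE_SERVICES = {
    "ssh": {"WAN", "LAN", "HA"},
    "webadmin": {"WAN", "LAN"},
    "user_portal": {"LAN"},
}


def audit_exposure(services: dict[str, set[str]]) -> list[str]:
    """Return one finding per violation of the article's workaround:
    SSH only on the dedicated HA link; Webadmin and user portal off the WAN."""
    findings = []
    for zone in sorted(services.get("ssh", set()) - {"HA"}):
        findings.append(f"ssh reachable from {zone}; restrict SSH to the dedicated HA link")
    for svc in ("webadmin", "user_portal"):
        if "WAN" in services.get(svc, set()):
            findings.append(f"{svc} exposed to WAN; remove WAN access")
    return findings


if __name__ == "__main__":
    pw = generate_ha_passphrase()
    print(f"new HA passphrase ({passphrase_entropy_bits(pw):.0f} bits): {pw}")
    for finding in audit_exposure(EXAMPLE_SERVICES):
        print("FINDING:", finding)
```

Running the script against the constructed table reports SSH on LAN and WAN plus Webadmin on WAN; a configuration that matches the workaround produces no findings.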
More details about the bugs, including the CVEs, can be found at this link.
Firewalls are prime targets in cyber attacks because they act as the key gatekeepers between internal networks and external threats, making them crucial points of defense for sensitive data and systems.
Compromising a firewall can give attackers privileged access to a network, bypassing security controls and exposing the entire system to further exploitation. In addition, firewalls often contain valuable configuration information and access information, which attackers can use to escalate their attacks or maintain persistent access.
Via The hacker news