Hotfixes for Sophos firewall vulnerabilities released

Hotfixes have been released for three vulnerabilities affecting Sophos Firewall versions 21.0 GA and older, two of which are of critical severity, reports The Hacker News.

Exploitation of the critical pre-auth SQL injection bug, tracked as CVE-2024-12727, and the critical weak credentials flaw, tracked as CVE-2024-12728, could lead to remote code execution and account exposure in nearly 0.05% and almost 0.5% of Sophos firewalls, respectively, according to Sophos. RCE attacks are also likely in intrusions leveraging the high-severity post-auth code injection issue, tracked as CVE-2024-12729.

Sophos noted that addressing CVE-2024-12727 requires the execution of the “cat /conf/nest_hotfix_status” command from the firewall console’s Advanced Shell, while both CVE-2024-12728 and CVE-2024-12729 require the execution of the “system diagnostic show version-info” command. Organizations with vulnerable Sophos firewalls have also been urged to limit SSH access and/or conduct High Availability cluster reconfigurations, as well as disable WAN access via SSH and isolate the User Portal and Webadmin from the WAN, while waiting for official patches.
