Sophos Releases Hotfixes for Critical Firewall Vulnerabilities

Sophos has issued important hotfixes to address three critical security flaws discovered in its firewall products. These vulnerabilities have the potential to enable remote code execution and allow unauthorized privileged system access under specific conditions. Significantly, two out of the three identified flaws have been rated as Critical in severity. However, there is currently no evidence that these security gaps have been exploited maliciously in the wild. The identified vulnerabilities are listed under the following CVEs: CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729. Their potential impact ranges from remote code execution to compromise through weak credentials.

Detailed Breakdown of Vulnerabilities

Among the identified vulnerabilities, CVE-2024-12727 poses a severe threat with a CVSS score of 9.8. This pre-auth SQL injection vulnerability resides within the email protection feature and becomes critical if a specific configuration of Secure PDF eXchange (SPX) is enabled while the firewall operates in High Availability (HA) mode. This could potentially lead to remote code execution and severe system compromise. Similarly severe, CVE-2024-12728 also holds a CVSS score of 9.8 and stems from the use of a non-random and suggested SSH login passphrase for HA cluster initialization. This weakness remains active even after HA establishment, thus exposing accounts to privileged access risks if SSH is enabled.

On the other hand, CVE-2024-12729, although slightly less critical with a CVSS score of 8.8, presents a significant danger. This post-auth code injection vulnerability is located in the User Portal and allows authenticated users to achieve remote code execution. Separately, the security vendor has reported the extent of the impact, noting that CVE-2024-12727 affects about 0.05% of devices, while CVE-2024-12728 impacts approximately 0.5%. Collectively, all these vulnerabilities are present in Sophos Firewall versions 21.0 GA (21.0.0) and older.

Hotfix Implementation and Recommendations

In response to these vulnerabilities, Sophos has promptly released hotfixes that offer remediation for the flaws across various software versions. For CVE-2024-12727, the affected versions include v21 MR1 and newer, with hotfixes available for versions ranging from v21 GA to v19.0 MR2. CVE-2024-12728 has been remediated in versions v20 MR3, v21 MR1, and newer, along with hotfixes spanning from v21 GA to v19.0 MR2. Meanwhile, CVE-2024-12729 sees remediation in versions v21 MR1 and newer, with hotfixes provided for versions from v21 GA to v19.0 MR3.

To verify that these hotfixes have been successfully applied, users are advised to execute specific commands within the Sophos Firewall console. For CVE-2024-12727, users should launch Device Management > Advanced Shell and run the command “cat /conf/nest_hotfix_status”. The hotfix is confirmed applied if the returned value is 320 or above. For both CVE-2024-12728 and CVE-2024-12729, users are required to access the Device Console and run “system diagnostic show version-info”. Here, the hotfix application is confirmed if the value is HF120424.1 or later.

Sophos urges users to apply these hotfixes promptly to mitigate potential risks and ensure the security of their systems. It is crucial for users to stay updated with the latest security patches and follow best practices for maintaining robust cybersecurity defenses.

Explore more

Vivo X Fold 6 – Review

The arrival of the Vivo X Fold 6 marks a pivotal moment where foldable devices transcend their status as fragile novelties to become the primary choice for power users. This transition represents a significant advancement in the mobile sector, pushing the boundaries of what a single handset can accomplish. By merging a book-style form factor with the raw performance of

Oppo Reno16 Series – Review

The modern smartphone market has reached a peculiar crossroads where the distinction between mid-range utility and flagship luxury is no longer defined by features but by the audacity of a manufacturer’s pricing strategy. Traditional product cycles often prioritize incremental updates, but this latest iteration signals a departure from conservative engineering. By integrating components usually reserved for the highest echelon of

AI Adoption Fails Without Proper Workforce Readiness

Ling-yi Tsai is a formidable force in the HRTech sector, possessing decades of experience guiding global organizations through the complex labyrinth of digital evolution. Her mastery of HR analytics and her tactical approach to integrating technology across recruitment and talent management have made her a sought-after advisor for companies looking to bridge the gap between human potential and machine efficiency.

The Human Infrastructure Powering Artificial Intelligence

The seamless flicker of a chatbot’s reply or the effortless lane change of a driverless vehicle often masks a vast, invisible network of human cognitive labor that makes such digital grace possible. While the marketing of advanced technology frequently paints a picture of silicon brains evolving in isolation, the underlying reality is a global assembly line of human intelligence. Every

Bruce Clay Leaves a Lasting Legacy as the Father of SEO

The Architect of an Industry and the Importance of Digital Frameworks The digital landscape we navigate today was not born out of thin air but was meticulously shaped by a few visionary thinkers who saw the potential of the internet long before it became a global marketplace. Among these pioneers, Bruce Clay stood as a singular figure whose influence spanned