Severity Level: Critical
Title:
Critical Vulnerabilities Sophos Firewall
Summary:
Sophos has issued security updates to address three significant vulnerabilities affecting its Sophos Firewall product. These vulnerabilities, identified as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, could allow remote attackers to compromise systems and gain unauthorized access.
Vulnerability Details:
1. CVE-2024-12727: Pre-auth SQL Injection (CVSS 9.8 Critical)
   - A pre-authentication SQL injection vulnerability exists within the email protection feature of Sophos Firewall. Exploiting this flaw could allow attackers to access the reporting database, potentially enabling remote code execution if specific conditions are met (Secure PDF eXchange (SPX) enabled and High Availability (HA) mode configured).
   - Impact: Remote code execution, unauthorized access to the reporting database.
2. CVE-2024-12728: Insecure SSH Passphrase (CVSS 9.8 Critical)
   - This vulnerability stems from the reuse of a suggested non-random SSH login passphrase after the HA establishment process. If SSH is enabled, this flaw could expose privileged system accounts.
   - Impact: Privilege escalation, potential unauthorized access.
3. CVE-2024-12729: Post-auth Code Injection (CVSS 8.8 High)
   - This post-authentication vulnerability allows authenticated users to execute arbitrary code through the User Portal.
   - Impact: Unauthorized code execution by authenticated users.
Affected Versions: Sophos Firewall v21.0 GA (21.0.0) and older versions
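The three vulnerabilities above apply only to affected versions, and two of them depend on configuration (SPX plus HA for the RCE path in CVE-2024-12727; HA plus SSH enabled for CVE-2024-12728). The following triage script is an added example, not Sophos code or tooling: it takes a constructed inventory of firewalls and reports which CVEs each one is exposed to, so patching can be ordered by real exposure. The inventory fields (spx_enabled, ha_configured, ssh_enabled) and the "major.minor.patch" version format parsed here are assumptions for illustration.

```python
"""Exposure triage for CVE-2024-12727 / -12728 / -12729 (Sophos Firewall).

Added example. The Firewall record, its field names and the version
string format are assumptions for illustration, not Sophos's own data model.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Last affected release named in the advisory: v21.0 GA (21.0.0) and older.
LAST_AFFECTED_VERSION = (21, 0, 0)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn 'v21.0.0', '21.0' or 'v21.0 GA (21.0.0)' into a comparable tuple.

    Only the first whitespace-separated token is read; missing trailing
    components are treated as zero, so '21.0' compares equal to '21.0.0'.
    """
    token = text.strip().lower().split()[0].lstrip("v")
    nums = [int(p) for p in token.split(".")]
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def is_affected_version(text: str) -> bool:
    """True when the version is 21.0.0 or older (the advisory's affected range)."""
    return parse_version(text) <= LAST_AFFECTED_VERSION


@dataclass
class Firewall:
    name: str
    version: str
    spx_enabled: bool = False    # Secure PDF eXchange (email protection feature)
    ha_configured: bool = False  # High Availability pair established
    ssh_enabled: bool = False    # SSH admin access reachable


@dataclass
class Finding:
    cve: str
    severity: str
    reason: str


def triage(fw: Firewall) -> List[Finding]:
    """Map one firewall's version and configuration to the CVEs it is exposed to."""
    if not is_affected_version(fw.version):
        return []  # patched / newer than the affected range
    findings: List[Finding] = []

    # CVE-2024-12727: pre-auth SQLi is reachable on any affected version;
    # the RCE outcome needs both SPX and HA, per the advisory.
    if fw.spx_enabled and fw.ha_configured:
        reason = "pre-auth SQL injection; SPX + HA present, so RCE conditions are met"
    else:
        reason = "pre-auth SQL injection; reporting database exposure"
    findings.append(Finding("CVE-2024-12727", "Critical", reason))

    # CVE-2024-12728: the weak passphrase is produced by HA establishment and
    # only matters when SSH is enabled.
    if fw.ha_configured and fw.ssh_enabled:
        findings.append(Finding("CVE-2024-12728", "Critical",
                                "non-random SSH passphrase from HA setup reachable over SSH"))

    # CVE-2024-12729: post-auth code injection through the User Portal; it
    # needs an authenticated user, so it ranks below the two pre-auth issues.
    findings.append(Finding("CVE-2024-12729", "High",
                            "post-auth code injection via User Portal"))
    return findings


SEVERITY_RANK = {"Critical": 0, "High": 1}


def prioritize(inventory: List[Firewall]) -> List[Tuple[str, List[Finding]]]:
    """Return (name, findings) pairs, most exposed firewall first."""
    scored = [(fw.name, triage(fw)) for fw in inventory]
    scored = [(name, f) for name, f in scored if f]
    # Sort by worst severity, then by number of findings (more is worse).
    scored.sort(key=lambda nf: (min(SEVERITY_RANK[x.severity] for x in nf[1]), -len(nf[1])))
    return scored


if __name__ == "__main__":
    # Constructed sample inventory.
    inventory = [
        Firewall("edge-1", "v21.0 GA (21.0.0)", spx_enabled=True, ha_configured=True, ssh_enabled=True),
        Firewall("branch-2", "20.0.0"),
        Firewall("lab-3", "21.0.1"),  # assumed newer-than-affected version for illustration
    ]
    for name, findings in prioritize(inventory):
        print(name)
        for f in findings:
            print(f"  {f.cve} [{f.severity}]: {f.reason}")
```

Run it as-is to see the constructed inventory ranked; in practice the Firewall records would be filled from an asset inventory, and any unit still reporting findings after patching indicates the update did not land.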
Recommendations:
We recommend applying the mitigation or workaround provided by Sophos.