• Advisory: Multiple Dnsmasq Vulnerabilities (AKA DNSpooq) in Sophos RED

    Overview: Dnsmasq released a security advisory, dated January 19, 2021, disclosing details on multiple CVEs that can be triggered by a remote DNS response. The impacted dnsmasq versions are older than version 2.83. If successfully exploited by a malic...
    • 19 Jan 2021
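    The check a practitioner wants after reading this entry is whether a given dnsmasq build predates 2.83. The Python below is an added example, not code from the Sophos advisory or from the dnsmasq project. It assumes the first line of `dnsmasq --version` output looks like "Dnsmasq version 2.80  Copyright (c) ..." and, as a conservative assumption the advisory excerpt does not itself state, treats pre-release builds of 2.83 (e.g. 2.83rc1) as still affected. The sample banners are constructed, not a real inventory.

```python
import re

# Per the advisory excerpt above: dnsmasq builds older than 2.83 are affected.
FIXED_VERSION = (2, 83)

# First line of `dnsmasq --version` (assumed format), e.g.
#   "Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley"
# Pre-release builds carry a suffix glued to the minor number, e.g. "2.83rc1".
_BANNER_RE = re.compile(r"Dnsmasq version (\d+)\.(\d+)([A-Za-z][\w.-]*)?", re.IGNORECASE)


def parse_version(banner):
    """Return (major, minor, suffix) from a version banner, or None if unparseable."""
    m = _BANNER_RE.search(banner)
    if m is None:
        return None
    major, minor, suffix = m.groups()
    return int(major), int(minor), (suffix or "")


def is_affected(banner, fixed=FIXED_VERSION):
    """True if the build in `banner` predates the fixed release, False if not,
    None if the banner could not be parsed (e.g. dnsmasq is not installed).

    Conservative assumption (not stated in the advisory): a pre-release of the
    fixed version, such as 2.83rc1, is treated as affected.
    """
    parsed = parse_version(banner)
    if parsed is None:
        return None
    major, minor, suffix = parsed
    if (major, minor) < fixed:
        return True
    if (major, minor) == fixed and suffix:
        return True
    return False


def triage(banners):
    """Map host -> verdict for a {host: banner} dict (banners collected however you like)."""
    return {host: is_affected(banner) for host, banner in banners.items()}


def hosts_needing_action(banners):
    """Sorted hosts that are affected, or whose banner could not be parsed at all."""
    return sorted(h for h, v in triage(banners).items() if v is not False)


# Constructed sample output, not a real inventory.
SAMPLE_BANNERS = {
    "red-01": "Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley",
    "red-02": "Dnsmasq version 2.83  Copyright (c) 2000-2021 Simon Kelley",
    "red-03": "Dnsmasq version 2.83rc1  Copyright (c) 2000-2020 Simon Kelley",
    "red-04": "Dnsmasq version 2.85  Copyright (c) 2000-2021 Simon Kelley",
    "red-05": "bash: dnsmasq: command not found",
}

if __name__ == "__main__":
    labels = {True: "AFFECTED (older than 2.83)", False: "ok", None: "unknown, check manually"}
    for host, verdict in sorted(triage(SAMPLE_BANNERS).items()):
        print(f"{host}: {labels[verdict]}")
```

    Unparseable banners are deliberately reported alongside affected hosts rather than silently dropped, so a host where the command failed still ends up on the follow-up list.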
• Advisory: Resolved SQL Injection in Cyberoam OS WebAdmin (CVE-2020-29574)

    Overview: An SQL injection vulnerability in the WebAdmin of Cyberoam OS was recently discovered and has been patched through a hotfix. On some systems, this may have been used to create an unrecognized account. Applies to the following ...
    • 10 Dec 2020
• Advisory: NAT Slipstreaming

    Overview: A recently identified attack known as NAT Slipstreaming can potentially bypass browser protections to compromise an end-user device and then utilize Network Address Translation (NAT) on a firewall or router to a...
    • 7 Dec 2020
• Advisory: Resolved RCE in SG UTM WebAdmin (CVE-2020-25223)

    Overview: A remote code execution vulnerability in the WebAdmin of SG UTM was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has be...
    • 18 Sep 2020
• Microsoft CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability AKA Zerologon

    What are the technical specifics of the issue?

    Microsoft, in its August 2020 Patch Tuesday release, disclosed details on CVE-2020-1472, a privilege escalation vulnerability in the Netlogon Remote Protocol. If successfully exploited, this vu...
    • 18 Sep 2020
• Advisory: Resolved authenticated RCE issues in User Portal (CVE-2020-17352)

    Two vulnerabilities in the User Portal of XG Firewall were recently discovered and responsibly disclosed to Sophos. They were reported via the Sophos bug bounty program by an external security researcher. Both were post-authentication command injection vulnerabilities and have been fixed.

    The remediation prevents authenticated users from remotely executing arbitrary code. There was no evidence that…

    • 7 Aug 2020
• Advisory: Resolved RCE via SQLi (CVE-2020-15504)

    An SQL injection vulnerability in the email quarantine release feature of XG Firewall was recently discovered and responsibly disclosed to Sophos by external security researchers. The vulnerability has been fixed; the remediation prevents remote execution of arbitrary code. There was no evidence that the vulnerability was exploited and, to our knowledge, no customers are impacted.

    Sophos would like to thank Jakob…

    • 10 Jul 2020
• Advisory: Buffer overflow in XG Firewall v17.x User Portal

    Sophos discovered a vulnerability in XG Firewall v17.x affecting physical and virtual units configured with the User Portal exposed on the WAN. It was a previously unknown buffer overflow in the User Portal HTTP/S bookmark feature.

    Sophos responded with a hotfix that removes the HTTP/S bookmark functionality from all XG Firewalls running SFOS v17.x. XG Firewall v18…

    • 25 Jun 2020
• Advisory: Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503)

    A heap overflow vulnerability in awarrensmtp, a component of XG Firewall firmware, was recently discovered and responsibly disclosed to Sophos by an external security researcher. The vulnerability can potentially allow a remote attacker to execute arbitrary code.

    Sophos would like to thank Arseniy Sharoglazov from Positive Technologies for responsibly disclosing this issue to Sophos.

    There is no action required…

    • 17 Jun 2020
• Advisory: CVE-2020-10947 - Sophos Anti-Virus for macOS privilege escalation

    A privilege escalation vulnerability was discovered and responsibly disclosed on 17 August 2019 by Lasse Trolle Borup of Danish Cyber Defence that impacted specific versions of Sophos Anti-Virus for macOS. All supported versions were fixed by 5 December 2019. The only action required for customers is to verify they are running the fixed version.

    Description of Vulnerability

    An unprivileged, authenticated attacker…

    • 16 Apr 2020
• Sophos Comments to CVE-2020-9363

    There are many possible ways to create a corrupted archive file that remains readable by some unpacking tools while being unreadable by others, including endpoint protection products in general. Such products can only detect malware hidden inside a corrupted archive once the third-party tool unpacks its contents, at which point on-access scanning sees the extracted files.

    • 12 Mar 2020
• Surveillance Apps

    Surveillance apps, also known as stalkerware, possess powerful surveillance functions and can therefore be used to spy on users and their online activity.

    The Surveillance App category covers a range of aggressive monitoring software and commercial spyware designed to spy on users.

    Even though surveillance apps can be marketed as parental monitoring software, their ability to work in stealth mode, sometimes disguised as…

    • 28 Jan 2020
• Advisory: CVE-2019-17059: Cyberoam Firewall Remote Code Execution Vulnerability

    A critical shell injection vulnerability in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) version 10.6.6 MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher.

    The vulnerability can potentially be exploited by sending a malicious request to either the Web Admin or SSL VPN consoles, which would enable an unauthenticated remote attacker to…

    • 16 Oct 2019
• Exim CVE-2019-15846 and Sophos Products

    CVE-2019-15846 describes a vulnerability in Exim whereby a specially crafted ending to a TLS SNI value can be used to run arbitrary code on the vulnerable server.

    This vulnerability is not exploitable on any Sophos product; see the table below for more information.

    Sophos Email Products and CVE-2019-15846

    Product             Vulnerable   Further information
    Sophos XG Firewall  No           The TLS headers that are used to exploit this vulnerability…
    • 16 Oct 2019