Sophos discovered an XG Firewall v17.x vulnerability affecting physical and virtual units configured with the user portal exposed on the WAN. This was a previously unknown buffer overflow vulnerability in the user portal HTTP/S bookmark feature.
Sophos quickly responded and remediated with a hotfix that removes the HTTP/S bookmark functionality for all XG Firewalls running SFOS v17.x. XG Firewall v18 was not impacted.
Applies to the following Sophos product(s) and version(s):
Sophos XG Firewall v17.5 MR12 and earlier
You will receive an email from Sophos if any action is required.
- Ensure you are running a supported version of XG Firewall
- Hotfix HF062020.1 was published for all firewalls running v17.x
- Additionally, Sophos recommends that XG Firewall customers upgrade to SFOS v18
Sophos strongly recommends following industry best practices and the additional steps below to fully remediate the issue:
- Reset device administrator accounts
- Reset passwords for all local user accounts
- Disable User Portal access on the WAN unless necessary
- How to disable User Portal access on WAN: https://community.sophos.com/kb/en-us/135414
- CVE-2020-15069: https://nvd.nist.gov/vuln/detail/CVE-2020-15069
- Ensure that you have enabled the automatic installation of hotfixes: https://community.sophos.com/kb/en-us/135415
- Related Community post: https://community.sophos.com/products/xg-firewall/f/network-and-routing/121486/user-portal-disabled-across-multiple-xg-firewalls-by-cli-user/#pi2151filter=answers&pi2151scroll=false