Overview

Sophos discovered a vulnerability in XG Firewall v17.x concerning access to physical and virtual units configured with the user portal exposed on the WAN. It is a previously unknown buffer overflow in the user portal HTTP/S bookmark feature.

Sophos quickly responded and remediated the issue with a hotfix that removes the HTTP/S bookmark functionality for all XG Firewalls running SFOS v17.x. XG Firewall v18 was not impacted.

 

Applies to the following Sophos product(s) and version(s)

  • Sophos XG Firewall v17.5 MR12 and earlier

  • You will receive an email from Sophos if any action is required

 

Remediation

  • Ensure you are running a supported version of XG Firewall
  • Hotfix HF062020.1 was published for all firewalls running v17.x
  • Additionally, Sophos recommends that XG Firewall customers upgrade to SFOS v18

 

Sophos strongly recommends following industry best practices and the additional steps below to fully remediate the issue:

  1. Reset device administrator accounts
  2. Reset passwords for all local user accounts
  3. Disable User Portal access on the WAN unless necessary

 

Related information

Comment
  • So far 2 of our 3 Firewalls running 17.5.11 MR-11 have had the hotfix applied and we're now seeing major issues.

    * Unable to access the User Portal on one, port 443 is not even connecting anymore

    * User Portal certificate is returning a completely and utterly other certificate (one of our vSphere certs), and not the one installed and configured at Administration > Admin Settings > Certificate

    Both firewalls with the issues have the hotfix applied, our 3rd one is still operating normally. WTH Sophos?
