Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Sophos Central Firewall Manager maintenance scheduled for April 2nd, starting at 3:30am EDT. More info available here.
A critical shell injection vulnerability in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) version 10.6.6 MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher.
The vulnerability can be potentially exploited by sending a malicious request to either the Web Admin or SSL VPN consoles, which would enable an unauthenticated remote attacker to execute arbitrary commands.
Applies to the following Sophos products and versionsCyberoam Firewalls running CROS 10.6.6 MR-5 and earlier