Two vulnerabilities in the User Portal of XG Firewall were recently discovered and responsibly disclosed to Sophos. They were reported via the Sophos bug bounty program by an external security researcher. Both vulnerabilities were post-authentication command injection vulnerabilities and have been fixed.
The remediation prevented authenticated users from remotely executing arbitrary code. There was no evidence that the vulnerabilities were exploited and to our knowledge no customers are impacted.
There is no action required for XG Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.
A previous version of this article incorrectly stated that hotfixes were only released for v18.0 GA through MR1-Build396. It has been corrected to indicate that v18.0 MR2 received a hotfix as well.
Is this HOTFIX available v18!!? omegle
Carter Janet: Yes.