This article describes the vulnerability CVE-2019-14899 in relation to the Sophos XG and UTM Firewall.
Applies to the following Sophos product(s) and version(s) Sophos UTM Sophos Firewall
CVE-2019-14899 outlines the possibility of an attack on the client side of the VPN component. This is being described as a VPN hijacking attempt.
Sophos has confirmed that the XG and UTM firewall devices are not affected by this as they utilize policy-based VPN technology and the threat only affects route-based VPNs.
The Sophos SSL VPN client is not affected as it is based on OpenVPN. As per OpenVPN, the software is not affected.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.