In December 2019, a researcher disclosed to Sophos, through our bug bounty program, a Local Privilege Elevation vulnerability with potential for Remote Code Execution in HitmanPro.Alert.
The vulnerability has been fixed and all deployments should be up to date and patched.
Applies to the following Sophos product(s) and version(s): HitmanPro.Alert (Standalone)
We worked closely with the researcher to address the issue and validate the fix in build 861 and build 795. All customers who use auto update on the 8xx version were patched in build 861 on January 10th, 2020; the 7xx patch went out in build 795 on February 10th, 2020.
Sophos would like to thank Michael Bourque. CVE-2020-9540 was filed for this issue.