Sophos Central Firewall Manager (CFM) maintenance scheduled for Wednesday, July 8th starting at 06:30 GMT. Expected time to complete is 5 hours. Partners will be unable to access CFM during this period.
We'd love to hear about it! Click here to go to the product suggestion community
Please do correct me if I'm misunderstanding any of this by the way!
We have a quarterly vulnerability scan on our Sophos XG IP addresses. Usually, this works without a hitch and we get a clean pass. However, since updating to 17.5 MR10, we're getting a massive list of CVE issues dating back to 2011 in some cases. This is failing our testing. We use the WAF to host several websites.
The main issue appears to be that the Linux Kernel on the XG is version 3.14.22, which dates back to 2014! The version of Apache is 2.4.10 - again, dating back to 2014.
Is this normal? Why is the version so old? Does this pose a security risk?
Hi IT-Support-247 I would request to share more details through message, it would help us to assist you further.
1. XG hardware model number
2. Details regarding CVE and related details/reports
3. The current version for v17 is MR12, could you please upgrade the firmware to the latest version and run tests and provide details.https://community.sophos.com/products/xg-firewall/b/blog/posts/xg-firewall-17-5-mr12-released