We have just launched version 3.0.009 of the RED firmware pattern update. You can download and install the firmware right away. This release is a maintenance update that features essential security updates. The update includes improvements to multiple RED firmware components that address various open CVEs related to those components. Not all of the CVEs, however, affected vulnerabilities on SD-RED devices. Apart from the security enhancements, this firmware update also addresses multiple issues.

Security Fixes

Issue Key



WiFi mac80211 vulnerabilities : CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722


Base Ubuntu vulnerabilities: CVE-2022-1012 CVE-2022-20368 CVE-2022-36946 CVE-2022-32296


Address the following vulnerabilities in ncurses library: CVE-2017-10684, CVE-2017-16879, CVE-2018-19211, CVE-2019-17594, CVE-2019-17595, CVE-2021-39537, CVE-2022-29458


SD-RED pcre3 vulnerabilities: CVE-2019-20838, CVE-2020-14155


Address vulnerabilities in the curl component by upgrading it to 7.86.0: CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916.


Upgrade the zlib component to address the vulnerability: CVE-2018-25032 and CVE-2022-37434.

Issues Fixed

Issue Key



RED failover to integrated 4G module fails intermittently.


4G modules on SD-RED devices do not work when the default IP assignment type is IPv6.


Intermittent traffic disconnection even though the SD-RED 60 tunnel is active.


Intermittent image upgrade issues are seen on SD-RED 20 with 3.0.008 image

Install Instructions

  • On Sophos Firewall web UI, navigate to Backup & Firmware > Pattern Updates.
  • If the RED Firmware version is older than this release, click Update Pattern Now.
  • When ready to deploy new firmware to connected SD-RED devices, click Install. 
  • (SD-)RED devices will be rebooted during the firmware installation process

Supported Platforms

  • SFOS v18.5MR4+
  • SFOS v19GA+
  • SFOS v19.5GA+
  • XGS 3100 HA cluster says "Failed to install RED firmware" and there's nothing in the logging at all?

    Already did a node fail over without any result. These products getting worse and worse. Even a simple flush of an ARP table when your cluster is failing over is too hard for Sophos! Sophos needs six months to reproduce this issue says they fixed it and it's back in 19.5.2MR2

    Good job Sophos!

  • Same error with XG550 Cluster:

    Firmware seems ready to install:

    Then click on it:

    Now it is downloading again

    No information in the logfiles about that.. gg

Comment Children
No Data