Yesterday I updated two firewalls (XGS 126 and XG 125) from version 19.0.0 to 19.0.1. After the upgrade both firewalls had SFOS 19.0.1 firmware installed but lost their configuration. The problem was that both firewalls are at a remote site and lost all external connections (Sophos Central and VPN), so I couldn't reach the firewalls. Today we connected on site via serial console to the firewalls, and I saw that firmware 19.0.1 was installed, but (at minimum) the network configuration was gone. I made some tests:
- Booting the 19.0.0 firmware, the firewall runs as expected.
- Booting the 19.0.1 firmware via bootloader or via WebAdmin, the firewall has no configuration.
On the other hand, I made the upgrade on several firewalls without any problem (2x XG 125, 1x XGS 5500 HA, a virtual and a software firewall).
How can I remove the 19.0.1 Firmware from the non-working firewalls to get a 2nd try to upload the firmware again and install the 19.0.1?