New code injection vulnerability in the User Portal and Webadmin of Sophos Firewall

Surprised there is no 'banner' announcement of this in the community forum (I learnt about it from a third party security mailing list). I've said it before but I will say it again, I think it is a major failing of Sophos not to have a security alert mailing list.

Details here - https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

How to check if your XG has been patched - https://support.sophos.com/support/s/article/KB-000044539?language=en_US

Added TAGs
[edited by: emmosophos at 9:53 PM (GMT -7) on 23 Sep 2022]
  • A useful update on all this. I was contacted by and asked to check my SMS alerts subscription. I found that I wasn't subscribed to 'Sophos Firewall' alerts. The alerting system has changed a lot since I signed up and it is possible it wasn't even an option when I originally subscribed, confirmed by the fact that I was subscribed to Sophos UTM alerts and we haven't used that product in years. Even better, I also found that you can now also get the alerts by email, which is much more useful for me and exactly what I was asking for in this post. No idea when this was introduced but it seems from the replies in this post that nobody seems to be aware of it. Probably time to stop calling it the SMS alerting service and just call it the 'Alerting Service'!

    So a big thanks to for looking into this for me and, obviously, I would suggest others check their subscriptions and sign up for emails if they would also be useful. The direct link is https://centralstatus.sophos.com/subscription

    With regards to being emailed as a Partner, I have never received any Partner emails. I have taken this up with my account manager several times but they haven't been helpful in resolving the issue. It seems to me that when we became Partners, we were never added to the Partner emailing list. As he has been so helpful and seems to have his finger on the pulse, I have asked if there is anything he can do to resolve this or put me in touch with the team responsible for Partner mailings.

    I still think there should have been a banner alert in the community forums about this.

  • Hi Jason, 

    Thank you for posting the update on the thread. I've PM'd you more details about your partner mailing list issue. 

    Thanks,
    Yashraj Singha
    Team Lead | Global Community Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
  • May be just by chance, but we notice a lot more users need to refresh their VPN config already stored in the Connect client.

    As our user portal is usually closed, they call us, so we make the user portal accessible on the WAN zone.

    We deploy the Connect client with the .pro file, and they have been connected before, so the config is already on the machine.

    It's for sure not all users, but I would say 200% more calls than in the weeks before the hotfix was installed.
