New code injection vulnerability in the User Portal and Webadmin of Sophos Firewall

Surprised there is no 'banner' announcement of this in the community forum (I learnt about it from a third party security mailing list). I've said it before but I will say it again, I think it is a major failing of Sophos not to have a security alert mailing list.

Details here - https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

How to check if your XG has been patched - https://support.sophos.com/support/s/article/KB-000044539?language=en_US



Added TAGs
[edited by: emmosophos at 9:53 PM (GMT -7) on 23 Sep 2022]