Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions What about strongSwan Vulnerability (CVE-2023-41913) ?

Sophos Firewall requires membership for participation - click to join

Thread Info

State Verified Answer
+1 person also asked this people also asked this
Locked Locked
Replies 3 replies
Answers 1 answer
Subscribers 41 subscribers
Views 15774 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What about strongSwan Vulnerability (CVE-2023-41913) ?

Francis Gudin 11 months ago

Hello,

I had a look into our XG firewall and saw this:

XG310_WP02_SFOS 19.5.3 MR-3-Build652 HA-Primary# /libexec/ipsec/charon --version
Linux strongSwan 5.5.3

Are there any mitigation available or required ? Or is a fix being worked on ?

For reference, here’s the announcement: www.strongswan.org/.../strongswan-vulnerability-(cve-2023-41913).html

Thanks in advance,

--

Francis

This thread was automatically locked due to age.

Top Replies

Giridhar Katti 11 months ago +1 verified

SFOS ships Strongswan version 5.5.3(as v20.0). CVE-2023-41913 affects the Charon TKM(Traffic Keying Module), which we dont enable while compiling Strongswan in SFOS. So we are Not affected.

Parents

0 Vivek Jagad 11 months ago

Hello Francis Gudin ,

Thank you for reaching out to the community, SFOS is not affected.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Vivek Jagad 11 months ago

Hello Francis Gudin ,

Thank you for reaching out to the community, SFOS is not affected.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Francis Gudin 11 months ago in reply to Vivek Jagad

Good news.

Thanks, and regards,

--

Francis
Cancel
Vote Up 0 Vote Down

Cancel