CVE-2020-20813

Hello, I verified that my Sophos XGS SFOS 20.0.0 GA-Build222 has OpenVPN 2.4.7 which is vulnerable to CVE-2020-20813 which according to NIST has a high level. As I use SSL VPN for remote access, I need to know if my firewall is vulnerable.

Best Regards
Marchon

Added TAGs
[edited by: Raphael Alganes at 12:57 AM (GMT -7) on 15 Jul 2024]

Top Replies

Vivek Jagad 26 days ago +1 suggested

Hi Elvys Marchon , Thank you for reaching out to the community, SFOS 20.0.1 MR-1 is not affected. For OpenVPN 2.4.7 and earlier are affected SFVUNL_SO01_SFOS 20.0.1 MR-1-Build340# openvpn --version OpenVPN…

0 Vivek Jagad 26 days ago

Hi Elvys Marchon ,

Thank you for reaching out to the community, SFOS 20.0.1 MR-1 is not affected.

For OpenVPN 2.4.7 and earlier are affected
SFVUNL_SO01_SFOS 20.0.1 MR-1-Build340# openvpn --version
OpenVPN 2.6.0 x86_64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] (Already upgraded)
library versions: OpenSSL 3.0.10 1 Aug 2023, LZO 2.09

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel