Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +6 person also asked this people also asked this
  • Locked Locked
  • Replies 10 replies
  • Subscribers 19 subscribers
  • Views 9071 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exim Schwachstelle

Simon Straubinger

Hallo zusammen,

im Exim gibt es seit gestern eine Schwachstelle weiß hier jemand ob auch die Sophos XG Firewall davon betroffen ist.

Hier noch die CVE Nummer: CVE-2023-42119  der Score liegt bei 9,8

Mit freundlichen Grüßen

Straubinger Simon



This thread was automatically locked due to age.
Parents
  • +1

    Hello Simon / Team,

    Update:

    Recently some vulnerabilities for exim have been reported. Vulnerabilities reported are:

    CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42219.

    Please find more information about Sophos products being vulnerable:

    CVE-2023-42114: SFOS + UTM are not vulnerable because the SPA (NTLM) authentication method required to exploit is not used 

     CVE-2023-42115: SFOS + UTM are not vulnerable  because the EXTERNAL authentication method required to exploit is not used 

     CVE-2023-42116: SFOS + UTM are not vulnerable  because the SPA (NTLM) authentication method required to exploit is not used 

     CVE-2023-42117: SFOS + UTM are not vulnerable because the proxy-protocol support required to exploit is not used 

    UTM and SFOS are both affected by the libspf2 vulnerability (CVE-2023-42118). Customers using Email Security and have turned on Sender Policy Framework (SPF) are vulnerable to this.

    CVE-2023-42219: Under investigation. There's not enough info from exim yet to determine if we're vulnerable, but it's a CVSS 3.1 so lower severity compared to the others. 

    Workaround:

    Disable SPF using the following steps

    SFOS:

          Turn off SPF in all (MTA mode) SMTP policies under "Email >> Policies & exceptions >> [edit policy] >> Spam protection >> Reject based on SPF".

    An SFOS hotfix will be released to patch this vulnerability by 5th October.

     

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply
  • +1

    Hello Simon / Team,

    Update:

    Recently some vulnerabilities for exim have been reported. Vulnerabilities reported are:

    CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42219.

    Please find more information about Sophos products being vulnerable:

    CVE-2023-42114: SFOS + UTM are not vulnerable because the SPA (NTLM) authentication method required to exploit is not used 

     CVE-2023-42115: SFOS + UTM are not vulnerable  because the EXTERNAL authentication method required to exploit is not used 

     CVE-2023-42116: SFOS + UTM are not vulnerable  because the SPA (NTLM) authentication method required to exploit is not used 

     CVE-2023-42117: SFOS + UTM are not vulnerable because the proxy-protocol support required to exploit is not used 

    UTM and SFOS are both affected by the libspf2 vulnerability (CVE-2023-42118). Customers using Email Security and have turned on Sender Policy Framework (SPF) are vulnerable to this.

    CVE-2023-42219: Under investigation. There's not enough info from exim yet to determine if we're vulnerable, but it's a CVSS 3.1 so lower severity compared to the others. 

    Workaround:

    Disable SPF using the following steps

    SFOS:

          Turn off SPF in all (MTA mode) SMTP policies under "Email >> Policies & exceptions >> [edit policy] >> Spam protection >> Reject based on SPF".

    An SFOS hotfix will be released to patch this vulnerability by 5th October.

     

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Children
No Data
Unfiltered HTML