Hi Community!  

The  AP firmware 11.0.017 has been released for Sophos Firewall OS (SFOS). This pattern update has a fix for the recently discovered Wi-Fi vulnerabilities AKA FragAttacks in legacy Access Points.  In addition to the patch, this update also includes Security fixes for APX models and bug fixes for Mesh. 


Maintenance Release 



  • NAF-41 APX : openssl 1.0.2h update and patch CVE-2020-1971
  • NAF-43 APX : openssl 1.0.2h update and patch CVE-2021-23840 and CVE-2021-23841 
  • NAF-48 APX: MESH won't be established 
  • NAF-55 Frag Attack: Fix vulnerabilities for legacy APs 
  • NAF-63 APX: address critical/high-risk CVEs in openssl 
  • NAF-65 APX: Address iperf critical/high-risk CVEs 
  • NAF-66 APX: Address tcpdump critical/high-risk CVEs 
  • NAF-67 APX: upgrade libcurl version to 7.78.0 to fix CVEs 
  • NAF-68 APX: Address critical/high-risk CVEs for binutils 
  • NAF-135 Legacy AP: Handle newboo induced compilation issue due to lex command 
  • NAF-82 APX: Address critical/high kernel CVEs 
  • NAF-83 SSIDs are not being broadcasted when 5GHz is configured on AP100X 
  • NAF-86 Legacy AP: MESH won't be established 


SFOS Firmware Version: 

This release is available to SFOS firewalls running the following firmware versions: 

  • SFOS v15.01 onwards 


Install Instructions 

  • On Sophos Firewall web UI, navigate to Backup & Firmware > Pattern Updates. 
  • If the AP firmware version is older than this release, click Update Pattern Now 
  • When ready to deploy new firmware to connected Access Point devices, click Install. 
  • Access Point devices will be rebooted during the firmware installation process 

Related Information