I have to say this vulnerability in the device I use to protect my network has me rattled. I hope that Sophos will be forthcoming with why this escaped the testing that you would have presumed they perform on the Sophos OS.
Two things concern me greatly:
Reset passwords for all local user accounts - does this mean all accounts used in my local network?
Note: While customers should always conduct their own internal investigation, at this point Sophos is not aware of any subsequent remote access attempts to impacted XG devices using the stolen credentials. So how do I check this out? Are the logs on the firewall any use?
At this time, there is no indication that the attack accessed anything on the local networks behind any impacted XG Firewall. F..k!
As I tweeted, had I known on the 23rd about what appears to be a very serious vulnerability, I would have taken preventative measures. Now I am not sure where to start.
I understand that COVID-19 is having impact, particularly in the UK. It is affecting us all. I feel for those users of Sophos devices with large client user bases who are all working remotely. What a nightmare.
What a way to end Anzac Day.