
KBA 135412 - What does Compromised mean in this fix

What exactly does "compromised" mean regarding this hotfix? Does this mean that Sophos checked whether the Admin service and/or User Portal were allowed on the WAN port(s), or that Sophos found that the vulnerability was exploited on the XG Firewall?



  • Hi  

    At this time, there is no indication that the attack accessed anything on the local networks behind any impacted XG Firewall. It appears the attack was designed to download payloads intended to exfiltrate XG Firewall-resident data.

    The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.

    Passwords associated with external authentication systems such as AD or LDAP are unaffected. We are continuing to investigate and expect to release more details of the attack.  Please follow https://community.sophos.com/kb/en-us/135412 for further updates.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Hi Keyur,


    I understand that, but what makes the hotfix decide whether an XG is compromised or not compromised (the message on the dashboard of the XG)? Is this because Admin Access and/or the User Portal was allowed on the WAN interface(s), or did Sophos investigate on the XG appliance and find evidence that the vulnerability was exploited?
