This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

KBA 135412 - What does Compromised mean in this fix

What exactly does compromised mean regarding this hotfix. Does this mean that Sophos checked if Admin service and / or User Portal where allowed on the WAN port(s), or that Sophos found that the vulnerability was exploided on the XG Firewall?



This thread was automatically locked due to age.
Parents
  • Hello,

    My answer is not an official answer but I think I can help you a bit. I have 46 XG Firewalls, and only 9 received the "Hotfix applied for SQL injection and partially cleaned" message. The 37 other firewalls received the "Hotfix applied for SQL injection . Your device was NOT compromised" message.

    100% of the 46 firewalls were not accessible from WAN on the Admin service, but only with User Portal. The 9 "compromised" were configured to use the 8443 https port for User Portal, and the 37 other firewalls another port.

     

    So 100% of my firewalls had User Portal accessible from WAN, but only 9 received the "partially cleaned" message from Sophos. So, in my opinion, Sophos analyzed the xg firewalls and found that the vulnerability was exploited.

     

    Regards.

    Viken

    XG Certified Engineer

    Sophos Gold Partner - Reseller from Lyon, France

Reply
  • Hello,

    My answer is not an official answer but I think I can help you a bit. I have 46 XG Firewalls, and only 9 received the "Hotfix applied for SQL injection and partially cleaned" message. The 37 other firewalls received the "Hotfix applied for SQL injection . Your device was NOT compromised" message.

    100% of the 46 firewalls were not accessible from WAN on the Admin service, but only with User Portal. The 9 "compromised" were configured to use the 8443 https port for User Portal, and the 37 other firewalls another port.

     

    So 100% of my firewalls had User Portal accessible from WAN, but only 9 received the "partially cleaned" message from Sophos. So, in my opinion, Sophos analyzed the xg firewalls and found that the vulnerability was exploited.

     

    Regards.

    Viken

    XG Certified Engineer

    Sophos Gold Partner - Reseller from Lyon, France

Children
No Data