Resolved buffer overflow in XG Firewall v17.x User Portal (CVE-2020-15069)

Voltar à Visão geral dos comunicados de segurança
Critical
CVE
CVE-2020-15069
Updated:
Produto(s)
Sophos Firewall
ID da publicação sophos-sa-20200625-xg-user-portal-rce
Versão do artigo 1
Primeira publicação
Solução alternativa No

Overview

Sophos discovered an XG Firewall v17.x vulnerability regarding access to physical and virtual units configured with the user portal exposed on the WAN. This was a previously unknown buffer overflow vulnerability in the user portal HTTP/S bookmark feature.

Sophos quickly responded and remediated with a hotfix that removes the HTTP/S bookmark functionality for all XG Firewalls running SFOS v17.x. XG Firewall v18 was not impacted.

Applies to the following Sophos product(s) and version(s)

  • Sophos XG Firewall v17.5 MR12 and earlier
  • You will receive an email from Sophos if any action is required

Remediation

  • Ensure you are running a supported version of XG Firewall
  • Hotfix HF062020.1 was published for all firewalls running v17.x
  • Additionally, Sophos recommends that XG Firewall customers upgrade to SFOS v18

Sophos strongly recommends following industry best practices and the additional steps below to fully remediate the issue:

  1. Reset device administrator accounts
  2. Reset passwords for all local user accounts
  3. Disable User Portal access on the WAN unless necessary

Related information