Voltar à Visão geral dos comunicados de segurança
Critical
CVE
CVE-2020-15069
Updated:
Produto(s)
Sophos Firewall
ID da publicação
sophos-sa-20200625-xg-user-portal-rce
Versão do artigo
1
Primeira publicação
Solução alternativa
No
Overview
Sophos discovered an XG Firewall v17.x vulnerability regarding access to physical and virtual units configured with the user portal exposed on the WAN. This was a previously unknown buffer overflow vulnerability in the user portal HTTP/S bookmark feature.
Sophos quickly responded and remediated with a hotfix that removes the HTTP/S bookmark functionality for all XG Firewalls running SFOS v17.x. XG Firewall v18 was not impacted.
Applies to the following Sophos product(s) and version(s)
- Sophos XG Firewall v17.5 MR12 and earlier
- You will receive an email from Sophos if any action is required
Remediation
- Ensure you are running a supported version of XG Firewall
- Hotfix HF062020.1 was published for all firewalls running v17.x
- Additionally, Sophos recommends that XG Firewall customers upgrade to SFOS v18
Sophos strongly recommends following industry best practices and the additional steps below to fully remediate the issue:
- Reset device administrator accounts
- Reset passwords for all local user accounts
- How to identify Local, AD, and Guest users: https://community.sophos.com/kb/en-us/135419
- Local user password reset: https://community.sophos.com/kb/en-us/135493
- How to change the password for local users from the User Portal: https://community.sophos.com/kb/en-us/135495
- Disable User Portal access on the WAN unless necessary
- How to disable User Portal access on WAN: https://community.sophos.com/kb/en-us/135414
Related information
- CVE-2020-15069: https://nvd.nist.gov/vuln/detail/CVE-2020-15069
- Ensure that you have enabled the automatic installation of hotfixes: https://community.sophos.com/kb/en-us/135415
- Related Community post: https://community.sophos.com/products/xg-firewall/f/network-and-routing/121486/user-portal-disabled-across-multiple-xg-firewalls-by-cli-user/#pi2151filter=answers&pi2151scroll=false