Severity Rating: HIGH
Software Affected
Sophos XG Firewall v17.5 MR12 and prior.
Overview
A vulnerability has been reported in Sophos XG Firewall which could allow
an attacker to gain access to physical and virtual units configured with
the user portal.
Description
A vulnerability exists in Sophos XG Firewall v17.x due to a software bug
that could allow an attacker to gain access to physical and virtual units
configured with the user portal exposed on the WAN. An attacker could exploit
this vulnerability by accessing the affected physical and virtual units.
Successful exploitation of this vulnerability could allow the attacker to
gain access to the vulnerable devices with the user portal.
Best Practices:
Reset device administrator accounts
Reset passwords for all local user accounts
Disable User Portal access on the WAN unless necessary.
Solution
Apply appropriate updates as mentioned in:
- -vulnerability-in-user-portal
Vendor Information
SOPHOS
- -vulnerability-in-user-portal
References
SOPHOS
- -vulnerability-in-user-portal
CVE Name
CVE-2020-15069
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.