SB2024122002 - Multiple vulnerabilities in Sophos Firewall
Published: December 20, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) SQL injection (CVE-ID: CVE-2024-12727)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote non-authenticated attacker can send a specially crafted request to the affected appliance and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and execute arbitrary code remotely if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
2) Use of Weak Credentials (CVE-ID: CVE-2024-12728)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to the suggested and non-random SSH login passphrase for High Availability (HA)
cluster initialization remained active after the HA establishment
process completed. A remote attacker can use this passphrase to connect to devices using SSH and compromise the affected system.
3) OS Command Injection (CVE-ID: CVE-2024-12729)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the User Portal. A remote authenticated user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Remediation
Install update from vendor's website.