Hotfixes have been released for three vulnerabilities affecting Sophos Firewall versions 21.0 GA and older, two of which are rated critical, reports The Hacker News.
Exploitation of the critical pre-auth SQL injection bug, tracked as CVE-2024-12727, and the critical weak-credentials flaw, tracked as CVE-2024-12728, could lead to remote code execution and account exposure; according to Sophos, the two affect nearly 0.05% and almost 0.5% of Sophos firewalls, respectively. Remote code execution is also possible through the high-severity post-auth code injection issue, tracked as CVE-2024-12729. Sophos noted that the hotfix status for CVE-2024-12727 can be checked by running the "cat /conf/nest_hotfix_status" command from the firewall console's Advanced Shell, while the status for CVE-2024-12728 and CVE-2024-12729 is shown by the "system diagnostic show version-info" command. Organizations with vulnerable Sophos firewalls have also been urged to limit SSH access and/or reconfigure their High Availability clusters, to disable SSH access from the WAN, and to keep the User Portal and Webadmin off the WAN while waiting for official patches.
Hotfixes for Sophos firewall vulnerabilities released