Sophos Releases Hotfixes for Critical Firewall Vulnerabilities
🛡️💻 Sophos addresses critical vulnerabilities in its Firewall products. Sophos has released hotfixes for three security flaws in its Firewall products, two of which are rated Critical, potentially allowing remote code execution and privileged access. The vulnerabilities include a pre-auth SQL injection (CVE-2024-12727) and a weak credentials issue (CVE-2024-12728), both with a CVSS score of 9.8, and a post-auth code injection vulnerability (CVE-2024-12729) with a score of 8.8. While these flaws affect a small percentage of devices, Sophos recommends users apply the hotfixes and implement temporary workarounds, such as restricting SSH access. This announcement follows recent security concerns involving a Chinese national exploiting a zero-day vulnerability in Sophos firewalls.
