PT-2020-5576 · Sophos · Sophos Firewall, Sophos SFOS

Published 2020-04-27 · Updated 2025-08-13 · CVE-2020-12271

CVSS v3.1: 10.0 (Critical)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Sophos SFOS 17.0 through 18.0, builds without the fix released on 2020-04-25
Description: A pre-authentication SQL injection (CWE-89) was found in Sophos XG Firewall devices and was exploited in the wild in April 2020. The issue affected devices on which either the administration (HTTPS) service or the User Portal was exposed on the WAN zone; no credentials were needed to reach the vulnerable code (PR:N in the vector above). A successful attack may have led to remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access, but not passwords held in external Active Directory or LDAP directories. The estimated number of potentially affected devices worldwide is over 81,000, more than 23,000 of them in the US, including 36 devices at critical infrastructure facilities.
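The weakness class behind this advisory, shown as an added example that is not Sophos code and not the actual SFOS query: a pre-authentication lookup of the kind a user portal exposes, written once with string concatenation (vulnerable) and once with a bound parameter (fixed), and driven with a UNION payload that pulls back the same three account classes the description says were exfiltrated. The table layout, account names and hash strings are constructed for illustration only; the real SFOS schema and the exploited query are not given on this page.

```python
"""Added example: CWE-89 in a pre-auth portal lookup, vulnerable vs. fixed.

Not Sophos code. The schema, accounts and hashes below are constructed
stand-ins for a device's local credential store (assumption).
"""
import sqlite3

# Constructed sample data: a local device admin, a portal admin and a
# remote-access user, i.e. the account classes named in the advisory.
# The "hash" values are arbitrary strings, not real crypt output.
SAMPLE_USERS = [
    ("admin",       "$6$rounds=5000$c0nstructed$hash1", "device_admin"),
    ("portaladmin", "$6$rounds=5000$c0nstructed$hash2", "portal_admin"),
    ("vpnuser1",    "$6$rounds=5000$c0nstructed$hash3", "remote_access"),
]


def build_db() -> sqlite3.Connection:
    """In-memory SQLite database standing in for the device's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pwhash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username: str):
    """Pre-authentication lookup that splices the request parameter into SQL.

    This is the CWE-89 pattern: a quote in the input closes the string
    literal and everything after it is executed as SQL. Nothing validates
    the value before it reaches the database.
    """
    sql = "SELECT name, role FROM users WHERE name = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, username: str):
    """Same lookup with a bound parameter: the input is only ever data."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (username,)).fetchall()


# An unauthenticated request value. The UNION matches the two columns of the
# original SELECT, so every password hash comes back in the 'role' position,
# and the '--' comments out the closing quote the server appends.
EXFIL_PAYLOAD = "x' UNION SELECT name, pwhash FROM users -- "


def dump_hashes(conn, lookup) -> dict:
    """Send the payload through a lookup function and collect what comes back.

    With lookup_vulnerable this yields every account's hash; with lookup_fixed
    it yields nothing, because no account is literally named like the payload.
    """
    return {name: second for name, second in lookup(conn, EXFIL_PAYLOAD)}


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", dump_hashes(db, lookup_vulnerable))
    print("fixed:     ", dump_hashes(db, lookup_fixed))
```

Binding the parameter removes the injection but not the exposure: the lookup is reachable before any authentication, which is why the advisory's workaround of keeping the admin service and User Portal off the WAN zone matters independently of the patch.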
Recommendations: For Sophos SFOS 17.0 through 18.0, install the fix released on 2020-04-25 (or any later release); the fix closes the SQL injection. Independently of patching, do not expose the administration (HTTPS) service or the User Portal on the WAN zone; restrict both to trusted internal zones or a VPN and verify from outside that neither answers on the WAN address. Because a successful attack exfiltrated local credentials, treat any device that was exposed before the fix as compromised: reset the passwords of local device admins, portal admins and remote-access user accounts. No further mitigation measures are recorded on this page.

Exploit available · Fix available · RCE · SQL injection


Weakness Enumeration

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Related Identifiers

BDU:2021-01196
CVE-2020-12271

Affected Products

Sophos SFOS
Sophos Firewall