Two critical vulnerabilities in Sophos’ firewalls allow remote code execution or could give an attacker SSH access. The company has released security updates to fix the problems. The first critical vulnerability (CVE-2024-12727) allows an unauthenticated attacker to perform SQL injection and thereby gain access to a firewall database. If the firewall has a specific configuration and runs in a certain mode, this can lead to remote code execution.
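To make the flaw class concrete, here is an added example (not Sophos' code, and not the page's own; the `accounts` table, its columns and the sample rows are constructed stand-ins for a firewall's configuration store). It shows the same lookup written twice: once by concatenating untrusted input into the SQL text, which lets a crafted value change the query's structure and read rows the caller never asked for, and once with a parameterised query, where the driver binds the value as data.

```python
import sqlite3

# Constructed sample data standing in for a firewall's configuration store
# (hypothetical table and column names, not Sophos' schema).
_SAMPLE_ROWS = [
    ("admin", "local", "enabled"),
    ("ha-sync", "system", "enabled"),
    ("guest", "local", "disabled"),
]


def _open_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT, kind TEXT, status TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", _SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """Untrusted `name` is spliced into the SQL text: quote characters in it
    become part of the query, which is the SQL injection class the advisory
    describes."""
    sql = "SELECT name, kind, status FROM accounts WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """Parameterised query: `name` is bound as a value and can never alter
    the statement's structure."""
    sql = "SELECT name, kind, status FROM accounts WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups with a normal value and a constructed value that
    contains a quote plus a tautology, and return the row counts."""
    conn = _open_db()
    normal = "admin"
    crafted = "x' OR '1'='1"  # constructed input that closes the quote early
    return {
        "vuln_normal": len(lookup_vulnerable(conn, normal)),
        "vuln_crafted": len(lookup_vulnerable(conn, crafted)),
        "safe_normal": len(lookup_hardened(conn, normal)),
        "safe_crafted": len(lookup_hardened(conn, crafted)),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated version returns every row for the crafted input because the WHERE clause degenerates into a tautology; the parameterised version returns nothing for it, because no account is literally named `x' OR '1'='1`. The defensive rule is the one the second function follows: never build SQL text from input, bind values instead, and give the database account the firewall service uses the least privilege it needs.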
According to Sophos, this problem affects 0.05 percent of all firewalls. The second critical vulnerability (CVE-2024-12728) allows an SSH login passphrase for High Availability (HA) cluster initialization to remain active after the initialization process has completed. When SSH is enabled on the firewall, an attacker can abuse this and log in via SSH as a ‘privileged system account’. This issue affects 0.5 percent of firewalls, according to Sophos. The impact of both vulnerabilities was rated 9.8 on a scale of 1 to 10.
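The second issue is an instance of a more general failure mode: a credential issued for a setup phase that is never revoked when that phase ends. The following added example (hypothetical model written for this page, not Sophos' implementation; the class and method names are assumptions) generates a random one-time passphrase for cluster initialisation, accepts it during setup, and shows the difference between a flawed variant that leaves it active afterwards and a hardened variant that revokes it once initialisation completes. The `audit` helper is the check an operator would want: does a finished initialisation still accept its bootstrap passphrase?

```python
import hashlib
import hmac
import secrets


class HaBootstrap:
    """Hypothetical model of an HA cluster-initialisation login (not Sophos code)."""

    def __init__(self, revoke_on_complete=True):
        self.revoke_on_complete = revoke_on_complete
        # Random, single-purpose passphrase handed to the peer that joins the cluster.
        self.passphrase = secrets.token_urlsafe(24)
        self._digest = hashlib.sha256(self.passphrase.encode()).digest()
        self.active = True
        self.initialized = False

    def authenticate(self, candidate):
        """Accept the candidate only while the bootstrap credential is active;
        compare digests in constant time."""
        if not self.active:
            return False
        candidate_digest = hashlib.sha256(candidate.encode()).digest()
        return hmac.compare_digest(candidate_digest, self._digest)

    def complete_initialization(self):
        """Mark setup as finished. The hardened variant revokes the passphrase
        here; the flawed variant (revoke_on_complete=False) leaves it valid,
        which is the condition the advisory describes."""
        self.initialized = True
        if self.revoke_on_complete:
            self.active = False


def audit(boot):
    """True when a completed initialisation still accepts its bootstrap passphrase,
    i.e. the credential outlived the phase it was issued for."""
    return boot.initialized and boot.authenticate(boot.passphrase)


def demo():
    """Drive both variants through setup and report whether the passphrase survives."""
    flawed = HaBootstrap(revoke_on_complete=False)
    fixed = HaBootstrap(revoke_on_complete=True)
    during_setup = flawed.authenticate(flawed.passphrase) and fixed.authenticate(fixed.passphrase)
    flawed.complete_initialization()
    fixed.complete_initialization()
    return {
        "accepted_during_setup": during_setup,
        "flawed_still_accepts": audit(flawed),
        "fixed_still_accepts": audit(fixed),
    }


if __name__ == "__main__":
    print(demo())
```

The design points are the ones that matter for any bootstrap credential: generate it randomly rather than suggesting a fixed value, store only a digest, compare in constant time, and tie its validity to the phase it serves so that completing initialisation is what revokes it. Where SSH is exposed on a management interface, an audit like `audit()` (run against the real system's state rather than this model) is the check that would have flagged the lingering credential.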