First published: Mon Jun 29 2020
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos XG Firewall Firmware | >=17.0, <17.5 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR1 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR3 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR4 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR5 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR6 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR7 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR8 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR9 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR10 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR11 | Apply hotfix HF062020.1 |
| Sophos XG Firewall Firmware | =17.5 MR12 | Apply hotfix HF062020.1 |
CVE-2020-15069 is a buffer overflow in Sophos XG Firewall 17.x through v17.5 MR12 that allows remote code execution. The vulnerable code is reached through the HTTP/S Bookmarks feature for clientless access.
CVE-2020-15069 has a severity rating of 9.8 (critical).
A hotfix, HF062020.1, was published for all firewalls running v17.x to address the vulnerability.
More information about CVE-2020-15069 is available on the Sophos community security blog: https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal