Security Advisories

Advisory

Impact

CVE

Product Family

Sort by

Items per page

Critical

Advisory: Log4j zero-day vulnerability AKA Log4Shell (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832)

CVE(s):

CVE-2021-44228

CVE-2021-45046

CVE-2021-45105

CVE-2021-44832

Updated: 2022 Jan 13

Product(s):

Client Authentication Agent

Cloud Optix

Intercept X Endpoint

Intercept X for Server

Reflexion

SafeGuard Enterprise (SGN)

SG UTM

SG UTM Manager

Sophos Authenticator

Sophos Central

Sophos Connect Client 2.0

Sophos Email

Sophos Email Appliance (SEA)

Sophos Enterprise Console (SEC)

Sophos Firewall

Sophos Home

Sophos Mobile

Sophos Mobile EAS Proxy

Sophos RED

Sophos SSL VPN client

Sophos Transparent Authentication Suite (STAS)

Sophos Web Appliance (SWA)

Sophos Wireless

Sophos ZTNA

SophosLabs Intelix

Article Version: 27

Publication ID: sophos-sa-20211210-log4j-rce

First Published: Fri, 12/10/2021 - 13:45

Workaround: No
High

Resolved Post-auth SQLi in SG UTM User Portal (CVE-2021-36807)

CVE(s):

CVE-2021-36807

Updated: 2021 Nov 26

Product(s):

SG UTM

Article Version: 1

Publication ID: sophos-sa-20211126-sg-sqli

First Published: Fri, 11/26/2021 - 10:07

Workaround: No
Medium

Resolved HMPA Service Local DoS (CVE-2021-25269)

CVE(s):

CVE-2021-25269

Updated: 2021 Nov 26

Product(s):

Sophos Exploit Prevention

Intercept X for Server

Intercept X Endpoint

Article Version: 1

Publication ID: sophos-sa-20211126-ixa-hmpa-local-dos

First Published: Fri, 11/26/2021 - 08:00

Workaround: No
Medium

Resolved App Password Bypass on Sophos Secure Workspace for Android (CVE-2021-36808)

CVE(s):

CVE-2021-36808

Updated: 2021 Oct 29

Product(s):

Sophos Secure Workspace (Android)

Article Version: 1

Publication ID: sophos-sa-20211029-ssw-pw-bypass

First Published: Fri, 10/29/2021 - 17:41

Workaround: No
High

Resolved LPE in HitmanPro (CVE-2021-25271)

CVE(s):

CVE-2021-25271

Updated: 2021 Oct 7

Product(s):

HitmanPro

Article Version: 2

Publication ID: sophos-sa-20211007-hmp-lpe

First Published: Thu, 10/07/2021 - 09:56

Workaround: No
High

Resolved LPE in HitmanPro.Alert (CVE-2021-25270)

CVE(s):

CVE-2021-25270

Updated: 2021 Oct 7

Product(s):

HitmanPro.Alert

Article Version: 2

Publication ID: sophos-sa-20211007-hmpa-lpe

First Published: Thu, 10/07/2021 - 10:23

Workaround: No
Critical

Resolved RCE in SG UTM WebAdmin (CVE-2020-25223)

CVE(s):

CVE-2020-25223

Updated: 2021 Sep 23

Product(s):

SG UTM

Article Version: 2

Publication ID: sophos-sa-20200918-sg-webadmin-rce

First Published: Fri, 09/18/2020 - 21:11

Workaround: Yes
Medium

Multiple Vulnerabilities (AKA FragAttacks) in WiFi Specification

CVE(s):

CVE-2020-24586

CVE-2020-24587

CVE-2020-24588

Updated: 2021 May 12

Product(s):

Sophos Firewall

SG UTM

Sophos Wireless

Article Version: 1

Publication ID: sophos-sa-20210512-fragattacks

First Published: Wed, 05/12/2021 - 18:13

Workaround: No
High

Resolved LPE in Endpoint for MacOS (CVE-2021-25264)

CVE(s):

CVE-2021-25264

Updated: 2021 May 7

Product(s):

Intercept X Endpoint

Article Version: 1

Publication ID: sophos-sa-20210507-ix-macos-lpe

First Published: Fri, 05/07/2021 - 18:11

Workaround: No
Critical

Multiple Vulnerabilities (AKA 21Nails) in Exim

CVE(s):

Updated: 2021 May 4

Product(s):

Sophos Firewall

SG UTM

Article Version: 1

Publication ID: sophos-sa-20210504-exim-21nails

First Published: Tue, 05/04/2021 - 17:33

Workaround: Yes
Medium

Resolved RCE in Sophos Connect Client for Windows (CVE-2021-25265)

CVE(s):

CVE-2021-25265

Updated: 2021 Mar 1

Product(s):

Sophos Connect Client 2.0

Article Version: 1

Publication ID: sophos-sa-20210301-connect-client-rce

First Published: Mon, 03/01/2021 - 19:18

Workaround: No
Medium

Multiple Dnsmasq Vulnerabilities (AKA DNSpooq) in Sophos RED

CVE(s):

CVE-2020-25684

CVE-2020-25685

CVE-2020-25686

Updated: 2021 Jan 19

Product(s):

Sophos RED

Article Version: 1

Publication ID: sophos-sa-20210119-red-dnspooq

First Published: Tue, 01/19/2021 - 20:12

Workaround: No
Critical

Resolved SQLi in Cyberoam OS WebAdmin (CVE-2020-29574)

CVE(s):

CVE-2020-29574

Updated: 2020 Dec 10

Product(s):

Cyberoam OS Devices

Article Version: 1

Publication ID: sophos-sa-20201210-cyberoam-webadmin-sqli

First Published: Thu, 12/10/2020 - 20:50

Workaround: No
Informational

NAT Slipstreaming

CVE(s):

Updated: 2020 Dec 7

Product(s):

Cyberoam OS Devices

Sophos Firewall

SG UTM

Article Version: 1

Publication ID: sophos-sa-20201207-nat-slipstreaming

First Published: Mon, 12/07/2020 - 16:22

Workaround: No
High

Resolved authenticated RCE issues in User Portal (CVE-2020-17352)

CVE(s):

CVE-2020-17352

Updated: 2020 Aug 7

Product(s):

Sophos Firewall

Article Version: 1

Publication ID: sophos-sa-20200807-xg-user-portal-post-auth-rce

First Published: Fri, 08/07/2020 - 21:57

Workaround: No
Critical

Resolved RCE via SQLi (CVE-2020-15504)

CVE(s):

CVE-2020-15504

Updated: 2020 Jul 10

Product(s):

Sophos Firewall

Article Version: 1

Publication ID: sophos-sa-20200710-xg-sqli-rce

First Published: Fri, 07/10/2020 - 22:01

Workaround: No
Critical

Resolved buffer overflow in XG Firewall v17.x User Portal (CVE-2020-15069)

CVE(s):

CVE-2020-15069

Updated: 2020 Jun 25

Product(s):

Sophos Firewall

Article Version: 1

Publication ID: sophos-sa-20200625-xg-user-portal-rce

First Published: Thu, 06/25/2020 - 22:05

Workaround: No
Critical

Resolved RCE through heap overflow in awarrensmtp (CVE-2020-11503)

CVE(s):

CVE-2020-11503

Updated: 2020 Jun 17

Product(s):

Sophos Firewall

Article Version: 1

Publication ID: sophos-sa-20200617-xg-awarrensmtp-rce

First Published: Wed, 06/17/2020 - 22:18

Workaround: No
High

Sophos Anti-Virus for macOS privilege escalation (CVE-2020-10947)

CVE(s):

CVE-2020-10947

Updated: 2020 Apr 16

Product(s):

Intercept X Endpoint

Article Version: 1

Publication ID: sophos-sa-20200416-sav-macos-lpe

First Published: Thu, 04/16/2020 - 22:22

Workaround: No
Informational

Sophos Comments to CVE-2020-9363

CVE(s):

CVE-2020-9363

Updated: 2020 Mar 12

Product(s):

SG UTM

Article Version: 1

Publication ID: sophos-sa-20200312-cve-2020-9363

First Published: Thu, 03/12/2020 - 21:26

Workaround: No