Security Advisories

Critical

Resolved RCE in SG UTM WebAdmin (CVE-2020-25223)

CVE(s):

CVE-2020-25223

Updated: 2021 Sep 23

Product(s):

Sophos UTM

Article Version: 2

Publication ID: sophos-sa-20200918-sg-webadmin-rce

First Published: Fri, 09/18/2020 - 21:11

Workaround: Yes
Medium

Multiple Vulnerabilities (AKA FragAttacks) in WiFi Specification

CVE(s):

CVE-2020-24586

CVE-2020-24587

CVE-2020-24588

Updated: 2021 May 12

Product(s):

Sophos Firewall XG

Sophos UTM

Sophos Wireless

Article Version: 1

Publication ID: sophos-sa-20210512-fragattacks

First Published: Wed, 05/12/2021 - 18:13

Workaround: No
High

Resolved LPE in Endpoint for MacOS (CVE-2021-25264)

CVE(s):

CVE-2021-25264

Updated: 2021 May 7

Product(s):

Intercept X

Article Version: 1

Publication ID: sophos-sa-20210507-ix-macos-lpe

First Published: Fri, 05/07/2021 - 18:11

Workaround: No
Critical

Multiple Vulnerabilities (AKA 21Nails) in Exim

CVE(s):

Updated: 2021 May 4

Product(s):

Sophos Firewall XG

Sophos UTM

Article Version: 1

Publication ID: sophos-sa-20210504-exim-21nails

First Published: Tue, 05/04/2021 - 17:33

Workaround: Yes
Medium

Resolved RCE in Sophos Connect Client for Windows (CVE-2021-25265)

CVE(s):

CVE-2021-25265

Updated: 2021 Mar 1

Product(s):

Sophos Connect Client 2.0

Article Version: 1

Publication ID: sophos-sa-20210301-connect-client-rce

First Published: Mon, 03/01/2021 - 19:18

Workaround: No
Medium

Multiple Dnsmasq Vulnerabilities (AKA DNSpooq) in Sophos RED

CVE(s):

CVE-2020-25684

CVE-2020-25685

CVE-2020-25686

Updated: 2021 Jan 19

Product(s):

Sophos RED

Article Version: 1

Publication ID: sophos-sa-20210119-red-dnspooq

First Published: Tue, 01/19/2021 - 20:12

Workaround: No
Critical

Resolved SQLi in Cyberoam OS WebAdmin (CVE-2020-29574)

CVE(s):

CVE-2020-29574

Updated: 2020 Dec 10

Product(s):

Cyberoam OS Devices

Article Version: 1

Publication ID: sophos-sa-20201210-cyberoam-webadmin-sqli

First Published: Thu, 12/10/2020 - 20:50

Workaround: No
Informational

NAT Slipstreaming

CVE(s):

Updated: 2020 Dec 7

Product(s):

Cyberoam OS Devices

Sophos Firewall XG

Sophos UTM

Article Version: 1

Publication ID: sophos-sa-20201207-nat-slipstreaming

First Published: Mon, 12/07/2020 - 16:22

Workaround: No
High

Resolved authenticated RCE issues in User Portal (CVE-2020-17352)

CVE(s):

CVE-2020-17352

Updated: 2020 Aug 7

Product(s):

Sophos Firewall XG

Article Version: 1

Publication ID: sophos-sa-20200807-xg-user-portal-post-auth-rce

First Published: Fri, 08/07/2020 - 21:57

Workaround: No
Critical

Resolved RCE via SQLi (CVE-2020-15504)

CVE(s):

CVE-2020-15504

Updated: 2020 Jul 10

Product(s):

Sophos Firewall XG

Article Version: 1

Publication ID: sophos-sa-20200710-xg-sqli-rce

First Published: Fri, 07/10/2020 - 22:01

Workaround: No
Critical

Resolved buffer overflow in XG Firewall v17.x User Portal (CVE-2020-15069)

CVE(s):

CVE-2020-15069

Updated: 2020 Jun 25

Product(s):

Sophos Firewall XG

Article Version: 1

Publication ID: sophos-sa-20200625-xg-user-portal-rce

First Published: Thu, 06/25/2020 - 22:05

Workaround: No
Critical

Resolved RCE through heap overflow in awarrensmtp (CVE-2020-11503)

CVE(s):

CVE-2020-11503

Updated: 2020 Jun 17

Product(s):

Sophos Firewall XG

Article Version: 1

Publication ID: sophos-sa-20200617-xg-awarrensmtp-rce

First Published: Wed, 06/17/2020 - 22:18

Workaround: No
High

Sophos Anti-Virus for macOS privilege escalation (CVE-2020-10947)

CVE(s):

CVE-2020-10947

Updated: 2020 Apr 16

Product(s):

Intercept X

Article Version: 1

Publication ID: sophos-sa-20200416-sav-macos-lpe

First Published: Thu, 04/16/2020 - 22:22

Workaround: No
Informational

Sophos Comments to CVE-2020-9363

CVE(s):

CVE-2020-9363

Updated: 2020 Mar 12

Product(s):

Sophos UTM

Article Version: 1

Publication ID: sophos-sa-20200312-cve-2020-9363

First Published: Thu, 03/12/2020 - 21:26

Workaround: No
Informational

Exim CVE-2019-15846 and Sophos Products

CVE(s):

CVE-2019-15846

Updated: 2019 Oct 16

Product(s):

Sophos Email

Sophos Firewall XG

Sophos UTM

Article Version: 1

Publication ID: sophos-sa-20191016-exim-cve

First Published: Wed, 10/16/2019 - 22:34

Workaround: No
Critical

Cyberoam Firewall Remote Code Execution Vulnerability (CVE-2019-17059)

CVE(s):

CVE-2019-17059

Updated: 2019 Oct 16

Product(s):

Cyberoam OS Devices

Article Version: 1

Publication ID: sophos-sa-20191016.1-cyberoam-rce

First Published: Wed, 10/16/2019 - 22:31

Workaround: No