Resolved buffer overflow in XG Firewall v17.x User Portal (CVE-2020-15069)

← Back to Security Advisories Overview
Sophos Firewall
Publication ID: sophos-sa-20200625-xg-user-portal-rce
Article Version: 1
First Published:
Workaround: No


Sophos discovered an XG Firewall v17.x vulnerability regarding access to physical and virtual units configured with the user portal exposed on the WAN. This was a previously unknown buffer overflow vulnerability in the user portal HTTP/S bookmark feature.

Sophos quickly responded and remediated with a hotfix that removes the HTTP/S bookmark functionality for all XG Firewalls running SFOS v17.x. XG Firewall v18 was not impacted.

Applies to the following Sophos product(s) and version(s)

  • Sophos XG Firewall v17.5 MR12 and earlier
  • You will receive an email from Sophos if any action is required


  • Ensure you are running a supported version of XG Firewall
  • Hotfix HF062020.1 was published for all firewalls running v17.x
  • Additionally, Sophos recommends that XG Firewall customers upgrade to SFOS v18

Sophos strongly recommends following industry best practices and the additional steps below to fully remediate the issue:

  1. Reset device administrator accounts
  2. Reset passwords for all local user accounts
  3. Disable User Portal access on the WAN unless necessary

Related information