Security Advisories

High

Resolved LPE in HitmanPro (CVE-2021-25271)

CVE(s):

CVE-2021-25271

Updated: 2021 Oct 7

Product(s):

HitmanPro

Article Version: 2

Publication ID: sophos-sa-20211007-hmp-lpe

First Published: Jue, 07/10/2021 - 09:56

Workaround: No
High

Resolved LPE in HitmanPro.Alert (CVE-2021-25270)

CVE(s):

CVE-2021-25270

Updated: 2021 Oct 7

Product(s):

HitmanPro.Alert

Article Version: 2

Publication ID: sophos-sa-20211007-hmpa-lpe

First Published: Jue, 07/10/2021 - 10:23

Workaround: No
Critical

Resolved RCE in SG UTM WebAdmin (CVE-2020-25223)

CVE(s):

CVE-2020-25223

Updated: 2021 Sep 23

Product(s):

Sophos UTM

Article Version: 2

Publication ID: sophos-sa-20200918-sg-webadmin-rce

First Published: Vie, 18/09/2020 - 21:11

Workaround: Yes
Medium

Multiple Vulnerabilities (AKA FragAttacks) in WiFi Specification

CVE(s):

CVE-2020-24586

CVE-2020-24587

CVE-2020-24588

Updated: 2021 Mayo 12

Product(s):

Sophos Firewall XG

Sophos UTM

Sophos Wireless

Article Version: 1

Publication ID: sophos-sa-20210512-fragattacks

First Published: Mié, 12/05/2021 - 18:13

Workaround: No
High

Resolved LPE in Endpoint for MacOS (CVE-2021-25264)

CVE(s):

CVE-2021-25264

Updated: 2021 Mayo 7

Product(s):

Intercept X

Article Version: 1

Publication ID: sophos-sa-20210507-ix-macos-lpe

First Published: Vie, 07/05/2021 - 18:11

Workaround: No
Critical

Multiple Vulnerabilities (AKA 21Nails) in Exim

CVE(s):

Updated: 2021 Mayo 4

Product(s):

Sophos Firewall XG

Sophos UTM

Article Version: 1

Publication ID: sophos-sa-20210504-exim-21nails

First Published: Mar, 04/05/2021 - 17:33

Workaround: Yes
Medium

Resolved RCE in Sophos Connect Client for Windows (CVE-2021-25265)

CVE(s):

CVE-2021-25265

Updated: 2021 Mar 1

Product(s):

Sophos Connect Client 2.0

Article Version: 1

Publication ID: sophos-sa-20210301-connect-client-rce

First Published: Lun, 01/03/2021 - 19:18

Workaround: No
Medium

Multiple Dnsmasq Vulnerabilities (AKA DNSpooq) in Sophos RED

CVE(s):

CVE-2020-25684

CVE-2020-25685

CVE-2020-25686

Updated: 2021 Ene 19

Product(s):

Sophos RED

Article Version: 1

Publication ID: sophos-sa-20210119-red-dnspooq

First Published: Mar, 19/01/2021 - 20:12

Workaround: No
Critical

Resolved SQLi in Cyberoam OS WebAdmin (CVE-2020-29574)

CVE(s):

CVE-2020-29574

Updated: 2020 Dic 10

Product(s):

Cyberoam OS Devices

Article Version: 1

Publication ID: sophos-sa-20201210-cyberoam-webadmin-sqli

First Published: Jue, 10/12/2020 - 20:50

Workaround: No
Informational

NAT Slipstreaming

CVE(s):

Updated: 2020 Dic 7

Product(s):

Cyberoam OS Devices

Sophos Firewall XG

Sophos UTM

Article Version: 1

Publication ID: sophos-sa-20201207-nat-slipstreaming

First Published: Lun, 07/12/2020 - 16:22

Workaround: No
High

Resolved authenticated RCE issues in User Portal (CVE-2020-17352)

CVE(s):

CVE-2020-17352

Updated: 2020 Ago 7

Product(s):

Sophos Firewall XG

Article Version: 1

Publication ID: sophos-sa-20200807-xg-user-portal-post-auth-rce

First Published: Vie, 07/08/2020 - 21:57

Workaround: No
Critical

Resolved RCE via SQLi (CVE-2020-15504)

CVE(s):

CVE-2020-15504

Updated: 2020 Jul 10

Product(s):

Sophos Firewall XG

Article Version: 1

Publication ID: sophos-sa-20200710-xg-sqli-rce

First Published: Vie, 10/07/2020 - 22:01

Workaround: No
Critical

Resolved buffer overflow in XG Firewall v17.x User Portal (CVE-2020-15069)

CVE(s):

CVE-2020-15069

Updated: 2020 Jun 25

Product(s):

Sophos Firewall XG

Article Version: 1

Publication ID: sophos-sa-20200625-xg-user-portal-rce

First Published: Jue, 25/06/2020 - 22:05

Workaround: No
Critical

Resolved RCE through heap overflow in awarrensmtp (CVE-2020-11503)

CVE(s):

CVE-2020-11503

Updated: 2020 Jun 17

Product(s):

Sophos Firewall XG

Article Version: 1

Publication ID: sophos-sa-20200617-xg-awarrensmtp-rce

First Published: Mié, 17/06/2020 - 22:18

Workaround: No
High

Sophos Anti-Virus for macOS privilege escalation (CVE-2020-10947)

CVE(s):

CVE-2020-10947

Updated: 2020 Abr 16

Product(s):

Intercept X

Article Version: 1

Publication ID: sophos-sa-20200416-sav-macos-lpe

First Published: Jue, 16/04/2020 - 22:22

Workaround: No
Informational

Sophos Comments to CVE-2020-9363

CVE(s):

CVE-2020-9363

Updated: 2020 Mar 12

Product(s):

Sophos UTM

Article Version: 1

Publication ID: sophos-sa-20200312-cve-2020-9363

First Published: Jue, 12/03/2020 - 21:26

Workaround: No
Critical

Cyberoam Firewall Remote Code Execution Vulnerability (CVE-2019-17059)

CVE(s):

CVE-2019-17059

Updated: 2019 Oct 16

Product(s):

Cyberoam OS Devices

Article Version: 1

Publication ID: sophos-sa-20191016.1-cyberoam-rce

First Published: Mié, 16/10/2019 - 22:31

Workaround: No
Informational

Exim CVE-2019-15846 and Sophos Products

CVE(s):

CVE-2019-15846

Updated: 2019 Oct 16

Product(s):

Sophos Email

Sophos Firewall XG

Sophos UTM

Article Version: 1

Publication ID: sophos-sa-20191016-exim-cve

First Published: Mié, 16/10/2019 - 22:34

Workaround: No