Description:
Sophos has released a security hotfix to address a SQL injection vulnerability in Sophos XG Firewall firmware. A remote attacker could exploit the vulnerability by injecting a malicious SQL command through either the Internet-exposed administration interface (HTTPS admin service) or the user portal.
Reports indicate that the vulnerability allows a remote attacker to execute malicious code on affected systems in order to retrieve information resident on the firewall. Exploitation of the vulnerability has been observed. Users are advised to take immediate action to patch the affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- All versions of Sophos XG Firewall firmware on both physical and virtual firewalls
Impact:
Successful exploitation of the vulnerability could lead to remote code execution and information disclosure on an affected system.
Recommendation:
Sophos has released a hotfix for all supported XG Firewall / Sophos Firewall Operating System (SFOS) versions to fix the vulnerability. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
System administrators are also advised to follow security best practice and disable unnecessary Internet access to the administration interface and user portal of the firewall, so that these services are reachable only from trusted management networks.
More Information:
- https://community.sophos.com/kb/en-us/135412