Summary
Security updates have been released for Sophos Firewalls that fix 3 vulnerabilities, 2 of which are rated “critical” and one “high.” If exploited, these vulnerabilities could allow an attacker to gain elevated privileges or execute arbitrary code remotely on the affected system.
Risk
Estimate of the vulnerability’s impact on the reference community: High (66.41) [1]
Type
- Remote Code Execution
- Privilege Escalation
Affected products and versions
Sophos Firewall, version 21.0 GA (21.0.0) and earlier
Mitigation actions
In line with the vendor’s statements, it is recommended to apply the available mitigations by following the instructions in the security bulletin linked in the References section.
References
https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
[1] This estimate takes into account several parameters, including the CVSS score, the availability of patches/workarounds and proof-of-concept (PoC) code, and the prevalence of the affected software/devices in the reference community.