Weak Credentials Vulnerability in Sophos Firewall Affecting Older Versions
CVE-2024-12728
Key Information:
- Vendor
- Sophos
- Status
- Vendor
- CVE Published:
- 19 December 2024
Badges
Summary
CVE-2024-12728 is a significant weak credentials vulnerability identified in Sophos Firewall, affecting all versions prior to 20.0 MR3 (20.0.3). This vulnerability potentially allows unauthorized users to achieve privileged system access via secure shell (SSH) protocols. Organizations utilizing these affected versions are strongly advised to upgrade to the latest software version to mitigate risks of unauthorized access and potential exploitation. For more information and guidance, visit the official Sophos security advisory.
Affected Version(s)
Sophos Firewall 0 < 20.0 MR3 (20.0.3)
Get notified when SecurityVulnerability.io launches alerting ๐
Well keep you posted ๐ง
News Articles
SystemTekSophos issues hotfixes for three critical flaws in XG firewall
Sophos has issued hotfixes to resolve three security vulnerabilities in its Firewall products. These flaws, under certain conditions, could enable remote code execution and grant privileged system...
Cyber Security NewsCritical Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code
Sophos, a leading cybersecurity firm, recently announced the resolution of three critical security vulnerabilities in its Sophos Firewall product. These vulnerabilities could potentially allow attackers to execute remote code on affected systems.
Sophos Firewall vulnerable to critical remote code execution flaw
Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices.
References
CVSS V3.1
Timeline
- ๐พ
Exploit known to exist
- ๐ฐ
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved