Weak Credentials Vulnerability in Sophos Firewall Affecting Older Versions

CVE-2024-12728

Summary

CVE-2024-12728 is a significant weak credentials vulnerability identified in Sophos Firewall, affecting all versions prior to 20.0 MR3 (20.0.3). This vulnerability potentially allows unauthorized users to achieve privileged system access via secure shell (SSH) protocols. Organizations utilizing these affected versions are strongly advised to upgrade to the latest software version to mitigate risks of unauthorized access and potential exploitation. For more information and guidance, visit the official Sophos security advisory.

News Articles

SystemTek

CVE-2024-12728CVE-2024-12729

Sophos issues hotfixes for three critical flaws in XG firewall

Sophos has issued hotfixes to resolve three security vulnerabilities in its Firewall products. These flaws, under certain conditions, could enable remote code execution and grant privileged system...

2 weeks ago

Cyber Security News

CVE-2024-12728CVE-2024-12729

Critical Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code

Sophos, a leading cybersecurity firm, recently announced the resolution of three critical security vulnerabilities in its Sophos Firewall product. These vulnerabilities could potentially allow attackers to execute remote code on affected systems.

2 weeks ago

BleepingComputer

CVE-2024-12728CVE-2024-12729

Sophos Firewall vulnerable to critical remote code execution flaw

Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices.

2 weeks ago

More News...

References