Remote Code Execution Risk in Sophos Firewall User Portal
CVE-2024-12729

CVSS 8.8 HIGH

Key Information:

Vendor: Sophos
Product: Sophos Firewall
CVE Published: 19 December 2024

What is CVE-2024-12729?

CVE-2024-12729 is a post-authentication code injection vulnerability found in the User Portal of Sophos Firewall, specifically affecting versions prior to 21.0 MR1 (21.0.1). This vulnerability allows authenticated users to execute arbitrary code remotely within the firewall system. Given that firewalls are critical for network security, their compromise can lead to significant disruptions in an organization's operations, potentially enabling further attacks or unauthorized access to sensitive data.

Technical Details

The vulnerability stems from insufficient input validation within the User Portal of Sophos Firewall. Because it is post-authentication, an attacker first needs valid User Portal credentials; with those, the flaw can be used to inject and execute code on the firewall. The absence of robust safeguards means that any authenticated user, whether acting maliciously or with a compromised account, can trigger the flaw, posing a considerable risk to networks that rely on the firewall for protection.

Potential Impact of CVE-2024-12729

  1. Unauthorized System Access: The ability to execute code remotely could allow attackers to gain control over the firewall, potentially leading to unauthorized access to sensitive organizational data and networks.

  2. Data Breaches: Exploitation of this vulnerability might facilitate data breaches, exposing critical information stored within the affected systems, which could have severe legal and reputational consequences for organizations.

  3. Increased Attack Surface: Following exploitation, malicious users may establish further attack vectors within the network, enabling additional exploits and enhancing the likelihood of a more widespread compromise, including potential ransomware deployment.

Affected Version(s)

Sophos Firewall: all versions prior to 21.0 MR1 (21.0.1)

News Articles

Sophos issues hotfixes for three critical flaws in XG firewall

Sophos has issued hotfixes to resolve three security vulnerabilities in its Firewall products. These flaws, under certain conditions, could enable remote code execution and grant privileged system...

2 weeks ago

Critical Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code

Sophos, a leading cybersecurity firm, recently announced the resolution of three critical security vulnerabilities in its Sophos Firewall product. These vulnerabilities could potentially allow attackers to execute remote code on affected systems.

2 weeks ago

Sophos Firewall vulnerable to critical remote code execution flaw

Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices.

2 weeks ago

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 4 News Article(s)