TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Sophos XG Firewall comes under SQL injection attack; Hotfix released

Earlier this week, Sophos came to know about an SQL injection vulnerability in its XG Firewall. Upon investigation, Cybersecurity firm Sophos found out that physical and virtual XG Firewall units came under attack, which affected systems configured with either the administration (HTTPS service) or the User Portal exposed to the WAN zone. The company has since then released a security update patching a zero-day vulnerability in one of its products.

Sophos Firewall

Sophos Firewall encounters SQL injection vulnerability

In this attack, hackers managed to exploit previously unknown SQL injection vulnerability, which could help them gain access to exposed XG devices.

In its recent security advisory, Sophos wrote:

“The attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices. It was designed to download payloads intended to exfiltrate XG Firewall-resident data.”

Once exploited, affected systems would download payload that was designed to exfiltrate resident data on Sophos XG Firewall.

The company deployed a hotfix to all supported XG Firewall and SFOS versions to neutralize threats posed by the SQL injection vulnerability and prevent further exploitation. According to Sophos, this would the XG Firewall from accessing any attacker infrastructure and clean up any “remnants” from the attack.

Affected data includes usernames and hashed passwords for the local device admin, portal admins, and user accounts used for remote access, depending on specific configurations for specific firewalls. According to passwords linked with external authentication systems like AD or LDAP remain unaffected.

“At this time, there is no indication that the attack accessed anything on the local networks behind any impacted XG Firewall.”

Are you Sophos XG Firewall customer?

If you are Sophos XG Firewall customer, you can check whether your firewall was affected by the vulnerability. Sophos XG management interface includes an alert that indicates whether or not your XG Firewall was affected by this attack. Sophos recommends additional steps, as follows:

  • Reset portal administrator and device administrator accounts
  • Reboot the XG device
  • Reset passwords for all local user accounts
  • Reset password for any account where the XG credentials might have been reused

The attack caused trouble to all versions of XG Firewall firmware on both physical and virtual firewalls. The XG Firewall firmware/SFOS received the hotfix version SFOS 17.1, 17.5, 18.0 apply all the supported versions. Meanwhile, customers on older versions of SFOS are advised to upgrade to a supported version immediately.

Published on Tags:

TanmayPatange@TWCN

Tanmay loves writing about Technology, Internet, Apps, Social Media, and Cybersecurity. He also tracks OTT video content streaming space and likes to spend his weekends watching plays. You can contact him on Twitter @techtsp.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap