SOPHOS Product Security Update Advisory
Overview
An update has been released to address vulnerabilities in SOPHOS Products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-12727
- Sophos Firewall versions: 21 GA, 20 GA, 20 MR1, 20 MR2, 20 MR3, 19.5 MR3, 19.5 MR4, 19.0 MR2
CVE-2024-12728
- Sophos Firewall versions: 21 GA, 20 GA, 20 MR1, 19.5 GA, 19.5 MR1, 19.5 MR2, 19.5 MR3, 19.5 MR4, 19.0 MR2, 20 MR2
CVE-2024-12729
- Sophos Firewall versions: 21 GA, 20 GA, 20 MR1, 20 MR2, 19.5 GA, 19.5 MR1, 19.5 MR2, 19.5 MR3, 19.5 MR4, 19.0 MR2, 19.0 MR3, 20 MR3
Resolved Vulnerabilities
Pre-authentication SQL injection vulnerability with potential for remote code execution in certain settings in the email protection feature (CVE-2024-12727)
Credential vulnerability with potential system administrator privilege access via SSH (CVE-2024-12728)
Post-authentication code injection vulnerability in the user portal that could allow remote code execution by authenticated users (CVE-2024-12729)
Vulnerability Patches
Fixes for these vulnerabilities are included in the latest update. Follow the instructions on the Referenced Sites below to update to a fixed version.
CVE-2024-12727, CVE-2024-12729
- Sophos Firewall versions: 21 MR1 or later
CVE-2024-12728
- Sophos Firewall versions: 20 MR3, 21 MR1 or later
Referenced Sites
[1] Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce