0-DAY vulnerability in SOPHOS XG FIREWALL/SFOS

Published: 28/04/2020

Reference:
Advisory #2020-014

Version:
1

Affected software:
Sophos XG Firewall [SFOS] 17.0
Sophos XG Firewall [SFOS] 17.1
Sophos XG Firewall [SFOS] 17.5
Sophos XG Firewall [SFOS] 18.0

Type:
Remote Code Execution [RCE]

Sources

https://community.sophos.com/kb/en-us/135412

https://news.sophos.com/en-us/2020/04/26/asnarok/

https://community.sophos.com/kb/en-us/135414

https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/

Risks

Successful exploitation of this vulnerability may allow an attacker to execute code remotely on the affected versions of the Sophos XG Firewall.
Attackers are actively exploiting this vulnerability and can leverage it to download a payload or to exfiltrate data such as usernames and hashed passwords.

Recommended Actions

CERT.be recommends applying the updates released by the vendor if your configuration didn’t apply the patches automatically. CERT.be recommends limiting publicly accessible administration and configuration tools to an absolute minimum.

It is recommended to apply the following steps even if the devices were patched:

References

https://community.sophos.com/kb/en-us/135415

https://community.sophos.com/kb/en-us/123732