CVE-2020-15069 Sophos XG Firewall Buffer Overflow Vulnerability
CVE-2020-15069 is a critical security vulnerability identified in Sophos XG Firewall versions 17.x through v17.5 MR12. This flaw allows for a buffer overflow and remote code execution via the HTTP/S Bookmarks feature in the User Portal. Sophos addressed this issue by releasing hotfix HF062020.1 for all affected firewalls running v17.x.
What is Vulnerable to CVE-2020-15069
The vulnerability affects physical and virtual instances of Sophos XG Firewall versions 17.x up to v17.5 MR12 that have the User Portal exposed on the Wide Area Network (WAN). Notably, XG Firewall v18 is not impacted by this issue.
Mitigation and Remediation for CVE-2020-15069
To mitigate and remediate this vulnerability, Sophos recommends the following steps:
Apply the Hotfix: Ensure that your firewall is running a supported version of XG Firewall. Hotfix HF062020.1 has been released for all firewalls running v17.x to remove the vulnerable HTTP/S Bookmarks feature.
Upgrade to SFOS v18: Sophos strongly advises upgrading to SFOS v18, which is not affected by this vulnerability.
Reset Administrator and User Passwords:
- Reset device administrator accounts.
- Reset passwords for all local user accounts.
Disable User Portal Access on WAN: Unless necessary, disable User Portal access on the WAN to reduce exposure.
Detailed instructions for these steps are available in Sophos’s advisory.
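The affected range and the steps above, applied to an asset inventory as an added example (not code from Sophos or from this page). The record layout, field names and hostnames are hypothetical and the sample data is constructed; only the version range and the hotfix ID come from the text above.

```python
import re

# From the page: affected 17.x through v17.5 MR12; fixed by hotfix HF062020.1.
LAST_AFFECTED = (17, 5, 12)
HOTFIX = "HF062020.1"

def parse_version(text):
    """Parse strings such as 'v17.5 MR12' or '18.0' into (major, minor, mr)."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\s*MR-?(\d+))?\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def triage(device):
    """Return (status, actions) for one inventory record (hypothetical layout)."""
    try:
        version = parse_version(device["version"])
    except ValueError:
        return "unknown", ["Confirm the firmware version manually"]
    if version[0] >= 18:
        return "not_affected", []
    if version[0] != 17 or version > LAST_AFFECTED:
        # The page only describes 17.x up to 17.5 MR12, so do not guess.
        return "unknown", ["Outside the range this page covers; check the Sophos advisory"]
    patched = HOTFIX in device.get("hotfixes", [])
    exposed = bool(device.get("user_portal_on_wan"))
    actions = [] if patched else [f"Apply hotfix {HOTFIX}"]
    actions += ["Plan upgrade to SFOS v18", "Reset administrator and local user passwords"]
    if exposed:
        actions.append("Disable User Portal access on WAN unless necessary")
    if patched:
        return "hotfixed", actions
    return ("vulnerable_exposed" if exposed else "vulnerable"), actions

# Constructed sample inventory; not real devices.
INVENTORY = [
    {"host": "fw-branch-01", "version": "v17.5 MR12", "hotfixes": [], "user_portal_on_wan": True},
    {"host": "fw-branch-02", "version": "17.5 MR10", "hotfixes": ["HF062020.1"], "user_portal_on_wan": False},
    {"host": "fw-hq-01", "version": "18.0 MR1", "hotfixes": [], "user_portal_on_wan": True},
    {"host": "fw-lab-01", "version": "17.1", "hotfixes": [], "user_portal_on_wan": False},
    {"host": "fw-old-01", "version": "SFOS-unknown", "hotfixes": [], "user_portal_on_wan": True},
]

def report(inventory=INVENTORY):
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, (status, actions) in report().items():
        print(f"{host}: {status}", *actions, sep="\n  - ")
```

Devices that land in `vulnerable_exposed` are the ones to handle first, since they match the condition described above: an unpatched v17.x firewall with the User Portal reachable from the WAN.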
Impact of Successful Exploitation of CVE-2020-15069
Exploiting this vulnerability allows an attacker to execute arbitrary code remotely, potentially leading to full system compromise. Given the critical nature of this flaw, it poses significant risks to the confidentiality, integrity, and availability of the affected systems. The National Vulnerability Database has assigned a CVSS v3.1 base score of 9.8 (Critical) to this vulnerability.
Proof of Concept for CVE-2020-15069
As of now, there is no publicly available proof of concept (PoC) for CVE-2020-15069. However, given the severity and potential impact of this vulnerability, it is crucial for organizations to apply the recommended mitigations promptly to safeguard their systems.
For more detailed information and updates, refer to the official Sophos advisory.