2022-12-11 00:50:09
کشف 7 آسیب پذیری روی فایروالهای سوفوس
اخیرا 7 آسیب پذیری روی فایروالهای Sophos کشف شده است که همگی آنها در Firmware نسخه 19.5 برطرف و Patch شده اند.
این آسیب پذیریها عبارتند از:
CVE-2022-3236: It was revealed that the User Portal and the Webadmin both had a code injection vulnerability that might lead to remote code execution.
Severity: Critical
CVE-2022-3226: During the course of Sophos’s internal security testing, an OS command injection vulnerability that enabled administrators to run malware over SSL VPN configuration uploads was identified by the company.
Severity: HIGH
CVE-2022-3713: During the course of Sophos’ internal security testing, a code injection vulnerability that may potentially be exploited by nearby attackers to gain execution privileges in the Wifi controller was uncovered. In order for this to work, attackers need to be connected to an interface that has the Wireless Protection service turned on.
Severity:HIGH
CVE-2022-3696: An external security researcher uncovered a post-auth code injection vulnerability in Webadmin that allowed administrators to execute code. This vulnerability was appropriately revealed to Sophos by the researcher. The vulnerability was discovered via the Sophos bug bounty program.
Severity:HIGH
CVE-2022-3709: An external security researcher made the discovery of a cached XSS vulnerability in the Webadmin import group wizard that allowed for privilege escalation from admin to super-admin. This vulnerability was appropriately notified to Sophos by the researcher. The vulnerability was discovered via the Sophos bug bounty program.
Severity:MEDIUM
CVE-2022-3711: An external security researcher found a post-auth read-only SQL injection vulnerability in the User Portal that allowed users to access non-sensitive configuration database contents. The researcher then responsibly revealed the issue to Sophos so that the company could address it. The vulnerability was discovered via the Sophos bug bounty program.
Severity:MEDIUM
CVE-2022-3710: An independent security researcher uncovered a post-auth read-only SQL injection vulnerability in the API controller that allowed API clients to view non-sensitive configuration database contents. This issue was properly revealed to Sophos by the independent security researcher. The vulnerability was discovered via the Sophos bug bounty program.
Severity:LOW توصیه می شود Firmware فایروالها را به نسخه 19.5 ارتقا دهید. (از اینجا هم می توانید دانلود کنید)
توصیه می شود مطابق این پست، همواره دسترسی به سرویس های SSH، Web Admin و User Portal را از روی WAN مسدود کنید.
شرکت مدبران ارائه کننده فایروالهای Sophos در کشور
درخواست مشاوره: @Kiaeifar
www.modaberan.ir
@Sophos_Firewall
کانال آموزشی فایروالهای Sophos
6.4K viewsعلی کیائیفر, edited 21:50