Hi,
In v17.1 many CVEs are included. v17.1 is not available for XG85, so we cannot close these CVEs, such as:
NC-25746 [Mail Proxy] CVE-2012-4929: SSL/TLS CRIME Vulnerability on port 8094
NC-29757 [Email] CVE-2011-1473: POP/IMAP - Secure Client-Initiated Renegotiation vulnerability
NC-28815 [Network Services] CVE-2018-5732 and CVE-2018-5733: DHCP vulnerabilities
NC-22122 [UI] CVE-2007-6750: Apache Partial HTTP Request Denial of Service Vulnerability for port 8443, 443, 4444
NC-29650 [WAF] CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request
NC-25745 [Web] CVE-2016-2183, CVE-2016-6329: SWEET32 SSL/TLS Vulnerability and Triple DES on port 8090
NC-30766 [Firewall] Unauthenticated XSS in diagnostics component
NC-30830 [IPsec] CVE-2018-10811 & memleak: Import upstream strongswan patches
I think this is a big problem. So when will a v17.1 release for XG85 come? In my opinion, the communication of Sophos to this community is very bad.
Regards,
Steppenwolf