
Re: KBA 135412 - XG Firewall Vulnerability Notification: Not showing hotfix information in CLI for 1x XG 115w Firewall

Hi Sophos Support,

I received the notification regarding vulnerability KBA 135412. I've checked all the ones I manage. All seem ok, except one of my firewalls (XG 115w) is not showing if the hotfix for vulnerability KBA 135412 has been applied. This one did not get a notification in the Control center dashboard if the hotfix had been applied.

Allow auto-install of hotfixes is enabled (has been since setup).

Just in case, I've gone and applied the latest firmware offered via check for new firmware. Have updated to: SFOS 17.5.11 MR-11

In CLI, it lists the hotfix version as "NA".

Appliance Model:                XG115w
Firmware Version:               SFOS 17.5.11 MR-11
Firmware Build:                 661
Firmware Loader version:        0x00000005
HW version:                     XN03
Config DB version:              17.319
Signature DB version:           17.319
Report DB version:              17.319
Webcat Signature version:       0.0.3.115
Web Proxy version:              compiled
SMTP Proxy version:             1.0
POP/IMAP Proxy version:         1.0.0.3.4
Logging Daemon version:         0.0.0.17
AP Firmware:                    11.0.012
ATP:                            1.0.0292
Avira AV:                       1.0.407208
Authentication Clients:         1.0.0019
IPS and Application signatures: 9.17.03
Sophos Connect Clients:         1.4.001
RED Firmware:                   3.0.000
Sophos AV:                      1.0.15519
SSLVPN Clients:                 1.0.007
WAF:                            1.0.0006
Hot Fix version:                N.A

Can anyone help me confirm this firewall has been patched and, if not, what should I do next?

Many thanks,

Aaron
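
The check described in the post above, done across several firewalls at once. This is an added example, not part of the original post and not Sophos code: it parses saved copies of the CLI version output and lists the devices where no hotfix is recorded. The device names, the `HF-PLACEHOLDER` value and the extra spellings of "N.A" are assumptions made for the example.

```python
import re

# Values treated as "no hotfix recorded". "N.A" is what the post shows;
# the other spellings are assumptions added for robustness.
NO_HOTFIX = {"", "n.a", "n.a.", "na", "n/a"}


def parse_version_info(text):
    """Parse 'Label:   value' lines into a dict keyed by the label."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def hotfix_status(text):
    """Return (firmware, hotfix). hotfix is None when none is recorded."""
    fields = parse_version_info(text)
    firmware = fields.get("Firmware Version", "unknown")
    # A capture with the line missing is handled like an explicit N.A.
    hotfix = fields.get("Hot Fix version", "")
    if hotfix.lower() in NO_HOTFIX:
        return firmware, None
    return firmware, hotfix


def audit(outputs):
    """outputs maps device name -> saved CLI text. Return names to follow up."""
    return sorted(name for name, text in outputs.items()
                  if hotfix_status(text)[1] is None)


# Constructed samples: fw-a mirrors the output in the post, fw-b carries a
# placeholder hotfix id, fw-c is a capture where the line is missing.
FW = "Firmware Version:               SFOS 17.5.11 MR-11\n"
SAMPLES = {
    "fw-a": FW + "Hot Fix version:                N.A\n",
    "fw-b": FW + "Hot Fix version:                HF-PLACEHOLDER\n",
    "fw-c": FW + "WAF:                            1.0.0006\n",
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        firmware, _ = hotfix_status(SAMPLES[name])
        print(f"{name}: {firmware}, no hotfix recorded, needs follow-up")
```

A device listed here has no hotfix value in its output; whether it is patched still has to be confirmed against KBA 135412.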



This thread was automatically locked due to age.
  • Hi  

    At this time, there is no indication that the attack accessed anything on the local networks behind any impacted XG Firewall. It appears the attack was designed to download payloads intended to exfiltrate XG Firewall-resident data.

    The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access. Passwords associated with external authentication systems such as AD or LDAP are unaffected.

    We are continuing to investigate and expect to release more details of the attack. Please follow https://community.sophos.com/kb/en-us/135412 for further updates.
