
Sophos XG v18 MR1-396 Failing SecurityMetrics PCI Compliance Scans

I recently upgraded my XG from v17.5 MR12 to v18.1 MR1-396.  Everything went mostly fine other than some clean up.  However, I just had my PCI compliance scan done and it's failing due to "CPU Based Vulnerabilities for Linux 3.0":

I asked them if there was a port open or not and they said it looks like it's coming from the firewall itself.  I asked what I can do and they said upgrade the firmware to the latest version to which I told them I already have.  Now I'm kinda stuck because they can't pass me with the issue but I also really don't want to wipe and go back to 17.5 MR12.

Any options?  Is anyone else having this issue on 18 that wasn't on 17?

  • FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    You can check the Linux kernel version by running the following commands on your firewall: uname -a or uname -r from the advanced shell. 

    XG125_XN03_SFOS 18.0.1 MR-1-Build396# uname -a
    Linux localhost 4.14.38 #2 SMP Fri Jun 5 22:28:42 UTC 2020 x86_64 GNU/Linux

    XG v18 does not use Linux kernel 3.0, as you can see in the above result. 

    I would advise you to contact your PCI compliance auditor to check how they got this result.

    Thanks,

  • Got it.  I'll check with them.  The weird thing is the only *nix machine we have internally is a single Ubuntu machine running PiHole and nothing else which of course wouldn't be published anyway.  So I don't know where they are getting this from but they are convinced it's the firewall itself.

    I'll run that command and send them a screen shot and see what they say.

  • I'm almost sure it's a false positive.

    Doing a TCP/IP fingerprint scan with nmap shows my XG box as:

    Device type: phone
    Running: Google Android 7.X, Linux 3.X
    OS CPE: cpe:/o:google:android:7.1.2 cpe:/o:linux:linux_kernel:3.10

    Also, as shown before by , XG v18 MR-1 uses Linux 4.14.38.

    Thanks!

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.
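For anyone who has to reconcile a scanner's OS guess with what the appliance actually runs, here is an added example; it is not code from this thread, from SecurityMetrics or from Sophos. It parses the "OS CPE" line of an nmap -O report and the release field of `uname -a` / `uname -r`, and reports whether the fingerprint agrees with the kernel the box itself reports. Both inputs below are constructed from the output quoted in the replies above; for a real check, capture the scanner-side view with `nmap -O -oN scan.txt <your-public-ip>` and paste the advanced-shell `uname -a` line, then hand that to the auditor as the evidence that the "Linux 3.0" finding is a stack-fingerprint guess, not the running kernel.

```python
"""Compare an nmap OS fingerprint guess with the kernel version a device reports.

Added example for the thread above: a TCP/IP stack fingerprint is a
class-level guess ("Linux 3.X"), while `uname -r` is the authoritative
release string. When the two disagree, a scanner finding keyed on the
guessed kernel is a false positive candidate to dispute.
"""
import re

# Constructed sample, shaped like the nmap -O block quoted in the thread
# (assumption: this is what the scanner's fingerprinting saw, not a real capture).
NMAP_OUTPUT = """\
Device type: phone
Running: Google Android 7.X, Linux 3.X
OS CPE: cpe:/o:google:android:7.1.2 cpe:/o:linux:linux_kernel:3.10
"""

# Constructed sample, copied from the `uname -a` line quoted in the thread.
UNAME_OUTPUT = "Linux localhost 4.14.38 #2 SMP Fri Jun 5 22:28:42 UTC 2020 x86_64 GNU/Linux"

# nmap emits Linux kernel guesses as cpe:/o:linux:linux_kernel:<version>.
CPE_KERNEL_RE = re.compile(r"cpe:/o:linux:linux_kernel:([0-9]+(?:\.[0-9]+)*)")


def fingerprinted_kernels(nmap_text):
    """Return every Linux kernel version the scan guessed, from the OS CPE line."""
    return CPE_KERNEL_RE.findall(nmap_text)


def reported_kernel(uname_text):
    """Return the release string from either `uname -a` or `uname -r` output.

    `uname -a` prints "<sysname> <nodename> <release> ...", so the release is
    the third field; `uname -r` prints the release alone.
    """
    fields = uname_text.split()
    if len(fields) > 2 and fields[0] == "Linux":
        return fields[2]
    return fields[0]


def version_tuple(version):
    """'4.14.38' -> (4, 14, 38), so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def reconcile(nmap_text, uname_text):
    """Return the guessed versions, the reported version, and whether they agree.

    A fingerprint guess is only reliable to the major series ("Linux 3.X"),
    so agreement is judged on the major version alone.
    """
    guesses = fingerprinted_kernels(nmap_text)
    actual = reported_kernel(uname_text)
    actual_major = version_tuple(actual)[0]
    agreeing = [g for g in guesses if version_tuple(g)[0] == actual_major]
    return {"guessed": guesses, "actual": actual, "consistent": bool(agreeing)}


if __name__ == "__main__":
    result = reconcile(NMAP_OUTPUT, UNAME_OUTPUT)
    verdict = "matches" if result["consistent"] else "does NOT match"
    print(f"scanner guessed kernel(s) {result['guessed']}, "
          f"device reports {result['actual']}: fingerprint {verdict}")
```

With the two samples above, the scanner's guess (3.10) does not match the reported 4.14.38, which is the same conclusion the replies reached; feeding in a scan whose CPE says 4.14 would report the fingerprint as consistent.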