Sophos Firewall

Discussions CVE-2022-0778 for Sophos XG and XGS firewalls

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
+1 person also asked this people also asked this
Locked Locked
Replies 3 replies
Answers 1 answer
Subscribers 29 subscribers
Views 780 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CVE-2022-0778 for Sophos XG and XGS firewalls

John huong over 3 years ago

Are the Sophos XG and XGS firewalls affected by CVE-2022-0778 ?

This thread was automatically locked due to age.

0 Wayne Folta over 3 years ago

Had to go look it up: "The issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what's called an "infinite loop." The flaw resides in a function called BN_mod_sqrt () that's used to compute the modular square root." Which can result in a denial-of-service on the server end.
Cancel
Vote Up 0 Vote Down

Cancel
0 John huong over 3 years ago in reply to Wayne Folta

Yeah so is the openssl used in Sophos firewalls affected? I did read Sophos UTM is affected from another forum.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago

Hello John

Thank you for contacting the Sophos Community.

Sophos is aware of this one and working on it under NC-86953

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Share Feedback

×

Submitted a Tech Support Case lately from the Support Portal?