Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 1359 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CVE-2022-104 - Where to find the Updates ?

n.coker

I found this Link: Fix for vulnerability CVE-2022-104 in Sophos Firewall (v18.5 MR3) | Born's Tech and Windows World (borncity.com) which points out an Critical CVE but i cannot find any informations on my firewals nor here ?!?

Sophos Firewall v18.5 MR3 (18.5.3) and older versions are affected. Sophos released the following hotfixes to close the vulnerabilities on 23 March 2022:

  • Hotfixes for v17.0 MR10 EAL4+, v17.5 MR16 and MR17, v18.0 MR5(-1) and MR6, v18.5 MR1 and MR2, and v19.0 EAP published on March 23, 2022
  • Hotfixes for unsupported EOL versions v17.5 MR12 through MR15, and v18.0 MR3 and MR4 published on March 23, 2022
  • Hotfixes for unsupported EOL version v18.5 GA published on March 24, 2022
  • Hotfixes for v18.5 MR3 published on March 24, 2022
  • Fix included in v19.0 GA and v18.5 MR4 (18.5.4)

Are the Patches deployed as Hotfix or do we Admins have to act  ?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to JasP

    There is a website to keep an eye to it. https://www.sophos.com/en-us/security-advisories

    Essentially if there are action to do, you will find notifications likely to be in place. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I am sure you can see the deficiencies in a website that has to be regularly checked for updates. A mailing list would be a much more useful solution, giving immediate notification. From a security point of view, a firewall is the most exposed part of most people's networks. I want to know about relevant CVEs immediately. Baring in mind the amount of marketing crap that most companies managed to send people, it can't be much of a challenge to setup a mailing list for this.

  • 0 in reply to JasP

    The report is very nice, but does not advise how you update your XG/XGS or whether the 'hot fixes' haver been applied. In previous versions of XG the hot fix was displayed in the GUI for a number of days, usually until a reboot was performed.

    So, how do I tell if there hotfix has been applied to my XG115W?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hello rfcat,

    Thank you for reaching out.

    Take a look at this KB on the command to run to show if the hotfix has been applied.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Hi Emmanuel,

    Thank you for the article.

    The hot fix has not been applied to my XG115W. The method described in that KB is very cumbersome and does not show which hotfix has not been applied and how many or what was the last hot fix that was applied.

    The application of hot fixes automatically is ticked.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    It would be nice if hot fixes showed up in the log. I searched in Sophos Central in Logs with:

    Log Subtype = System

    Component != DNS

    Component != DHCP Server

    Component != Central Management

    And I can see Anti-virus, ATP, and IPS pattern updates. Would be nice to see hot fixes as well. IN which case, you could generate an automatic report. (Though of course there wouldn't be a report for a hot fix NOT being offered. I would assume a failure to update should be recorded, though.)

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?