Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 1359 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CVE-2022-104 - Where to find the Updates ?

n.coker

I found this Link: Fix for vulnerability CVE-2022-104 in Sophos Firewall (v18.5 MR3) | Born's Tech and Windows World (borncity.com) which points out an Critical CVE but i cannot find any informations on my firewals nor here ?!?

Sophos Firewall v18.5 MR3 (18.5.3) and older versions are affected. Sophos released the following hotfixes to close the vulnerabilities on 23 March 2022:

  • Hotfixes for v17.0 MR10 EAL4+, v17.5 MR16 and MR17, v18.0 MR5(-1) and MR6, v18.5 MR1 and MR2, and v19.0 EAP published on March 23, 2022
  • Hotfixes for unsupported EOL versions v17.5 MR12 through MR15, and v18.0 MR3 and MR4 published on March 23, 2022
  • Hotfixes for unsupported EOL version v18.5 GA published on March 24, 2022
  • Hotfixes for v18.5 MR3 published on March 24, 2022
  • Fix included in v19.0 GA and v18.5 MR4 (18.5.4)

Are the Patches deployed as Hotfix or do we Admins have to act  ?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to emmosophos

    Hi Emmanuel,

    Thank you for the article.

    The hot fix has not been applied to my XG115W. The method described in that KB is very cumbersome and does not show which hotfix has not been applied and how many or what was the last hot fix that was applied.

    The application of hot fixes automatically is ticked.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    It would be nice if hot fixes showed up in the log. I searched in Sophos Central in Logs with:

    Log Subtype = System

    Component != DNS

    Component != DHCP Server

    Component != Central Management

    And I can see Anti-virus, ATP, and IPS pattern updates. Would be nice to see hot fixes as well. IN which case, you could generate an automatic report. (Though of course there wouldn't be a report for a hot fix NOT being offered. I would assume a failure to update should be recorded, though.)

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?