CVE-2022-1040 Sophos Firewall with score 9.8/10

There is another thread abut this here - https://community.sophos.com/sophos-xg-firewall/f/discussions/133571/cve-2022-104---where-to-find-the-updates

Yes it is fixed (as long as you have auto update for hotfixes ticked) but in Sophos style, the notification and verification could be much better.

There is another thread abut this here - https://community.sophos.com/sophos-xg-firewall/f/discussions/133571/cve-2022-104---where-to-find-the-updates

Yes it is fixed (as long as you have auto update for hotfixes ticked) but in Sophos style, the notification and verification could be much better.

Hi all,
for me, the command does not even work. I opened a console via SSH and pasted the command as is and it says "command exceeds 1024 characters". If I remove the echo commands then it complains about the test command being unknown. So what am I doing wrong here?

However, I found another command which at least shows some information:
system diagnostics show version-info

It says "Hot Fix version: 1", could this mean that a hotfix has been applied? Apart from that, I strongly agree with Gabriele that the firewall should offer at least version information for hotfixes as you have no idea if this specific hotfix has been applied or not (especially in cases where multiple hotfixes may have been applied).

Regards
Ben

You need to do this command from the advanced shell (Option 5 - 3) not the Console. 

Thank you for the fast reply!