This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Security update for users of Web Application Firewall (WAF) in Sophos XG Firewall

Hi Everyone,

A cross-site scripting (XSS) vulnerability within the WAF component of the Sophos XG Firewall operating system (SFOS) discovered. For customers running SFOS version 16 and above that use the default setting of automatic updates, the security update will be automatically installed, and there is no action required.

Please refer to the article Security update for users of Web Application Firewall (WAF) in Sophos XG Firewall.

This thread was automatically locked due to age.

0 mxull over 7 years ago

Hi Haridoss,

how ca we check if the hotfix was installed ?

Regards,
Max
Cancel
Vote Up 0 Vote Down

Cancel
0 sachingurung over 7 years ago in reply to mxull

Hi Max,

Please take a look at the KB article here.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 mxull over 7 years ago in reply to sachingurung

Hi sachingurung,

thanks for the reply but the KB does not answer the question.

To check if it was installed grep "sfsysupdate_waf_logging" in the u2d log.

Kind Regards,
Max
Cancel
Vote Up 0 Vote Down

Cancel
0 Charmacas over 7 years ago in reply to mxull

And how am I able to update manually? There is a note about that in the KB article but no real explanation.
Cancel
Vote Up 0 Vote Down

Cancel