CVE-2019-14899 hijacking VPN connections

Hi,

Is it known to what extent Sophos products are affected by the vulnerability?

https://www.terabitweb.com/2019/12/06/cve-2019-14899-vpn-flaw-html/



  • Hi  

    I have received feedback from the development team.

    They have stated that the XG is not affected by this vulnerability, as analysis of this CVE shows that it affects route-based VPNs. As the XG's VPN capabilities are only policy-based, this should not affect the XG even if the XG acts as a client in the SSL VPN site-to-site configuration.

    There will be a KB article written up to reflect this same information.

    Thanks!
