Exim - CVE-2020-12783 - is Sophos UTM affected?

We and our customers would also like to know that? Can we get a statement from Sophos?

Best regards,

Florian

Hallo Stephan & Florian,

It will be quicker to open a case with Sophos Support.  Since the CVE was only assigned 4 weeks ago, I would be surprised if a fix already had been applied.

I any case, I can't imagine this could present a problem unless you've configured the SMTP Proxy to do 'Authenticated Relay', a feature I recommend against using (Basic Exchange setup with SMTP Proxy).

Cheers - Bob

Hello Bob,

The Exim version of our SG showed "Exim version 4.82_1-5b7a7c0-XX #2 built 20-Nov-2019 13:07:28".

A colleague of mine did open a ticket with sophos now. Guess we will have to wait and see.

Thanks,

Florian

The developers normally apply patches instead of going to the effort of integrating a new version.

Cheers - Bob

It might be, that someone is already trying and using it to attack UTMs.

Look at this post thread:

https://community.sophos.com/products/unified-threat-management/f/general-discussion/121721/very-high-cpu-load-since-installing-9-703-3---serious-issues-with-logon-to-firewall-management-and-user-portal-and-ssl-vpn-login

Interesting, Alexander.  He IS using Authenticated Relay.  I'd forgotten about this vulnerability.  You might mention this thread on his thread.

Cheers - Bob

Hello Stephan and everyone in this Thread!

This is now being investigated under NUTM-12159, more info to come. 

Regards,

Hello All,

Dev confirmed the UTM is not affected by CVE-2020-12783 as we don't support SPA authentication.

Regards,