The severity of this advisory is high to critical. Act on the steps below to remediate the issue.
Buffer overflow in XG Firewall v17.x User Portal
What you need to know:
Sophos discovered a vulnerability in XG Firewall v17.x affecting physical and virtual appliances configured with the User Portal exposed on the WAN. The issue was a previously unknown buffer overflow in the User Portal's HTTP/S bookmark feature.
Sophos responded quickly with a hotfix that removes the HTTP/S bookmark functionality from all XG Firewalls running SFOS v17.x. XG Firewall v18 is not affected.
Actions to be taken:
- Ensure you are running a supported version of XG Firewall
- Confirm that hotfix HF062020.1, published for all firewalls running v17.x, has been applied
- Additionally, Sophos recommends that XG Firewall customers upgrade to SFOS v18
Sophos strongly recommends following industry best practices and the additional steps below to fully remediate the issue:
- Reset device administrator accounts
- Reset passwords for all local user accounts
  - How to identify Local, AD, and Guest users: https://community.sophos.com/kb/en-us/135419
  - Local user password reset: https://community.sophos.com/kb/en-us/135493
  - How to change the password for local users from the User Portal: https://community.sophos.com/kb/en-us/135495
- Disable User Portal access on the WAN unless necessary
  - How to disable User Portal access on WAN: https://community.sophos.com/kb/en-us/135414
What is the impact of not doing the actions?
If exploited, crafted input to the User Portal's HTTP/S bookmark feature corrupts memory on the firewall, which can lead to code execution on the appliance. A firewall with the User Portal exposed on the WAN and without the hotfix remains reachable by anyone on the Internet.