XG Firewall Vulnerability Notification
Sophos received a report on April 22, 2020, regarding a suspicious field value visible in the XG Firewall management interface. The incident was determined to be a SQL injection attack against physical and virtual XG Firewall units.
Sophos has already applied a hotfix that prevents this intrusion. Sophos has contacted customers today to disclose this information to them and advise them of next steps. In addition to the hotfix, impacted customers need to take additional steps to fully remediate this issue. A full background of this incident can be found in KBA 135412.
We continue to closely monitor this incident and will provide further updates as appropriate.
Sophos regrets any inconvenience this incident has caused.