Hi XG Community!
We’ve released XG Firewall 17.5 MR12. Initially, the firmware will be available by manual download from the Licensing Portal. We will gradually release the firmware via auto-update to customers.
Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.
Note: The upgrade from version 17.5 MR12 to 18.0 will follow soon.
- Security Release
- Fixes the SQL injection vulnerability and malicious code execution in XG Firewall/SFOS detailed in KBA135412
Note: Hotfix referenced in KBA135412 is NOT required for 17.5 MR12 as CVE-2020-12271 has been fixed in this release version.
- NC-59408 [API Framework, UI Framework] SQLi prevention in hybrid request – ORM fields and mode parameters (CVE-2020-12271)
- NC-58898 [Email] Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503)
- NC-59300 [Email] Blind pre-auth SQLi in spxd on port 8094
- NC-59454 [UI Framework] Enable apache access logs
To manually install the upgrade, you can download the firmware from the Licensing Portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.
Net Universe offers all Sophos devices and subscriptions, as well as consulting services, with worldwide delivery services.
Send us an email at [email protected] for more information or visit https://www.netuniversecorp.com/sophos.