SECURITY ALERTS

A Vulnerability (CVE-2020-15504) in Sophos Firewall Allows for Arbitrary Code Execution

DESCRIPTION:
An SQL injection vulnerability (CVE-2020-15504) was discovered in the User Portal and Webadmin of Sophos XG Firewall. It allows attackers to achieve remote code execution.

 

AFFECTED RELEASES:
Sophos XG Firewall prior to v18.0 MR1

 

SOLUTION:
1. Users and system administrators of affected products are advised to apply the security updates (v17.5 MR13 and v18 MR-1-Build396 or above) immediately. If the installed version is too old, first upgrade to one of the supported versions above, then install the hotfix.
2. You can also log in to the control panel and enable “Allow automatic installation of hotfixes”. Once automatic hotfix installation is enabled, Sophos XG Firewall checks for hotfixes every thirty minutes and installs them automatically.

 

REFERENCE:
1. https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504
2. https://www.sophos.com/en-us/security-advisories/sophos-sa-20200710-xg-sqli-rce
3. https://nvd.nist.gov/vuln/detail/CVE-2020-15504
4. https://www.tenable.com/cve/CVE-2020-15504
 
