Published on: 23 December 2024
Sophos has published a security advisory to address multiple vulnerabilities in Sophos Firewall. The detailed information about the vulnerabilities can be found at:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
Reports indicated that multiple vulnerabilities (CVE-2024-12727, CVE-2024-12728 and CVE-2024-12729) are at high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Successful exploitation of the vulnerabilities could lead to remote code execution or security restriction bypass on the affected system.
Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
System administrators are also advised to follow the security best practice to disable the unnecessary Internet access to the administration interface and user portal of the firewall.