An official remediation was released (avoid the SQL injection attack encountered in Sophos XG Firewall) – 26th April 2020.

Preface: The modern, user-friendly functions installed on a firewall can weaken its defensive function.

Background: When a device provides a web page for entering user credentials, it may face an injection attack, whether SQL injection or command injection. This applies especially to a firewall design that supports and integrates LDAP authentication as well as a standalone authentication mode. From a security point of view, the firewall service daemon should be separated from the operating system kernel, and therefore the firewall admin ID file (shadow) is not saved in the etc folder but in a separate area. Likewise, if the product supports SSL VPN services, it needs a place to store the user credentials configured in standalone mode, and that store is where an injection attack can occur: if the credentials are kept in a database repository, they are exposed to SQL injection.
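To illustrate the point above, the following added example (not code from the post or from Sophos) models a minimal standalone credential store as an in-memory SQLite table and contrasts a login lookup that concatenates the submitted username into the SQL text with one that passes it as a bound parameter. The table, user names and password hash are constructed for the example; the firewall's real schema is not known from the page.

```python
import hashlib
import sqlite3


def build_store():
    # Constructed sample repository: one admin account with a hashed password.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pwhash TEXT)")
    rows = [
        ("admin", hashlib.sha256(b"constructed-secret").hexdigest()),
        ("o'brien", hashlib.sha256(b"another-constructed-secret").hexdigest()),
    ]
    conn.executemany("INSERT INTO users VALUES (?, ?)", rows)
    return conn


def lookup_vulnerable(conn, name):
    # Untrusted input is spliced into the SQL text, so quote characters in the
    # submitted username change the query's structure instead of being data.
    sql = "SELECT name, pwhash FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # The username is bound as a parameter: the driver keeps it as a literal
    # value, so the query always matches on the exact name submitted.
    sql = "SELECT name, pwhash FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def lookup_vulnerable_safely(conn, name):
    # Wrapper so the syntax error the vulnerable form raises on a legitimate
    # apostrophe can be observed as a return value rather than an exception.
    try:
        return lookup_vulnerable(conn, name)
    except sqlite3.OperationalError:
        return None
```

Run against a username that contains an SQL quote, the concatenated form returns every stored username and hash while the parameterized form returns nothing; for the legitimate user "o'brien" the concatenated form breaks outright and the parameterized form works.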

Details: By investigating physical and virtual XG Firewall units, Sophos confirmed that its XG Firewall has a design weakness. Whether the attack succeeds depends on the firewall setup.

Impact: Theft of data from the firewall, including “usernames and hashed passwords”.

Remedy: https://community.sophos.com/kb/en-us/135415
