NCSC statement: Sophos vulnerability

29 Apr 2020 12:44 PM

An NCSC statement following the discovery of a vulnerability affecting the Sophos XG Firewall product.

Image of an antivirus alert on a desktop computer

Last week cyber security company Sophos reported its XG Firewall product had been subject to a Structured Query Language (SQL) injection attack. The company said that customised malware known as ‘Asnarok’ was used to gain access to vulnerable physical and virtual XG Firewall devices.

Sophos have released a hot fix for devices that have auto-update turned on. All customers should take note of the further advice on remediation, whether they have received the hot fix or not.

An NCSC spokesperson yesterday said:

“We are aware of a vulnerability affecting a Sophos firewall product.

“The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities.

“Users should to check their device to ensure auto-updates are turned on and they are using the latest version of the application.”

Further information:

More information can be found at https://news.sophos.com/en-us/2020/04/26/asnarok/
Mitigation advice can be found at https://community.sophos.com/kb/en-us/135412