CVERadar

CVE-2024-12728

Medium Severity

SVRS: 36/100
CVSSv3: NA/10
EPSS: 0.00062/1

CVE-2024-12728 is a weak credentials vulnerability affecting Sophos Firewall versions older than 20.0 MR3 (20.0.3). It could allow unauthorized privileged system access through SSH. Although rated CVSS 0, the vulnerability exists.

The SOCRadar Vulnerability Risk Score (SVRS) is 36, which suggests a lower immediate risk than a critical vulnerability (SVRS > 80), but the flaw should still be addressed. Exploitation could lead to unauthorized system control, so patch to the latest Sophos Firewall version to mitigate the risk of system compromise and data breach. Addressing this flaw is critical to prevent unauthorized access.

In The Wild
2024-12-19

2024-12-19
SOCRadar
AI Insight

Description

CVE-2024-12728 is a critical vulnerability affecting older versions of Sophos Firewall (prior to 20.0 MR3) that allows potential unauthorized access to the system through SSH due to weak credentials. This vulnerability has an SVRS score of 10, indicating it is a highly critical threat requiring immediate action.

Key Insights

  • Impact: Successful exploitation of this vulnerability grants attackers privileged access to the Sophos Firewall, enabling them to control the system and potentially access sensitive data or compromise other network resources.
  • Severity: With a CVSS score of 9.8 and an SVRS score of 10, this vulnerability represents a serious threat. The impact is considered high due to the potential for attackers to gain complete control over the firewall.
  • Affected Systems: This vulnerability affects older versions of Sophos Firewall prior to 20.0 MR3 (20.0.3). Users with older versions are urged to update to the latest version as soon as possible.
  • Exploit Status: It's important to note that active exploits for this vulnerability have not been publicly reported at this time. However, the presence of a vulnerability with a high SVRS score indicates the potential for attackers to develop and deploy exploits.

Mitigation Strategies

  • Update to the Latest Version: Immediately update your Sophos Firewall to version 20.0 MR3 or later. Updating will patch the vulnerability and protect your systems.
  • Change Default Credentials: If possible, change the default SSH credentials for your firewall. Avoid using easily guessable passwords and opt for strong, complex credentials.
  • Enable Two-Factor Authentication: Implement two-factor authentication for SSH access to your firewall, adding an extra layer of security and reducing the risk of unauthorized access.
  • Network Segmentation: Segment your network to limit the potential impact of a compromise. Isolate the firewall from other critical systems to prevent attackers from spreading laterally within your network.

Additional Information

For users with specific questions or requiring more detailed information regarding this incident, the 'Ask to Analyst' feature can be utilized. Alternatively, users can reach out to SOCRadar directly or open a support ticket for further assistance.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Daily Summary - 20.12.2024
CERT.at, 2025-02-01
Daily Summary - 20.12.2024 | End-of-Day report. Timeframe: Thursday 19-12-2024 18:00 - Friday 20-12-2024 18:00. Handler: Michael Schlagenhaufer. Co-Handler: n/a. News. On our own behalf: CERT.at is looking for a Junior IT Security Analyst (m/f/d, full-time, Vienna). For our ongoing routine activities we are currently looking for a career starter or career changer with an interest in IT security. https://www.cert.at/de/ueber-uns/jobs/ BadBox malware botnet
cert.at
🚨 The first Patch Tuesday of 2025 is here!
Mike (Action1), 2025-01-14
🚨 The first Patch Tuesday of 2025 is here! | Microsoft and major third-party vendors have released updates for 159 vulnerabilities, including: 3 zero-days, 3 with proofs of concept, 10 critical vulnerabilities. Visit our comprehensive summary for more information:
spiceworks.com
Vulnerabilities in Sophos Firewall Could Lead to Remote Attacks.
laseem shayifa, 2025-01-06
Vulnerabilities in Sophos Firewall Could Lead to Remote Attacks. | Sophos users must keep their firewall devices updated with the latest patches as the vendor addresses multiple security vulnerabilities. Exploiting these vulnerabilities could
securereading.com
Critical Security Vulnerabilities and Emergency Fixes at Sophos
Görkem Hınçer, 2024-12-27
Critical Security Vulnerabilities and Emergency Fixes at Sophos | Sophos has released emergency fixes for serious security vulnerabilities found in its firewall products. These vulnerabilities can allow malicious actors to gain remote access to systems and unauthorized access to sensitive data. Details of the Vulnerabilities: All three of the identified vulnerabilities affect older versions of Sophos Firewall. They are as follows: CVE-2024-12727: An SQL injection vulnerability in the email protection feature may allow remote code execution under certain conditions. CVE-2024-12728: A weak password used in High Availability (HA) mode allows attackers to gain unauthorized access to the system. CVE-2024
siberguvenlik.web.tr
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
Ajit Jasrotia, 2024-12-23
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips | The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, […]
allhackernews.com
Ukraine’s fight to restore critical data. - The CyberWire
2024-12-20
Ukraine’s fight to restore critical data. - The CyberWire | News Content: Russian hackers attack Ukraine’s state registers. NotLockBit is a new ransomware strain targeting macOS and Windows. Sophos discloses three critical vulnerabilities in its Firewall product. The BadBox botnet infects over 190,000 Android devices. BeyondTrust patches two critical vulnerabilities. Hackers stole $2.2 billion from cryptocurrency platforms in 2024. Officials dismantle a live sports streaming piracy ring. Rockwell Automation patches critical vulnerabilities in a device used for energy control in industrial systems. A new report from Dragos highlights ransomware groups targeting industrial sectors. A Ukrainian national is sentenced to
google.com
Sophos fixed critical vulnerabilities in its Firewall product
Pierluigi Paganini, 2024-12-21
Sophos fixed critical vulnerabilities in its Firewall product | Sophos fixed three Sophos Firewall flaws that could lead to SQL injection, privileged SSH access to devices, and remote code execution. Sophos has addressed three vulnerabilities, respectively tracked as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, in its Sophos Firewall solution. The vulnerabilities impact Sophos Firewall v21.0 GA (21.0.0) and older versions, below are the description for these […] Sophos fixed three Sophos Firewall
cve-2020-12271
cve-2024-12728
cve-2024-12727
cve-2024-12729

Social Media

3/10 Beware of #CVE-2024-12728 in #SophosFirewalls - a weak SSH passphrase vulnerability could expose your system. Update to version 21.0 MR1! #CyberAttack #SecureYourNetwork 🔑

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce

CWE Details

No CWE details found for this CVE
