![xg firewall unreplied violation xg firewall unreplied violation](https://nakedsecurity.sophos.com/wp-content/uploads/sites/2/2014/05/mark-zuckerberg_250.jpg)
On April 26, Sophos published a separate article, “ Asnarök Trojan targets firewalls,” which analyzes the components and intent of the attack in greater detail and provides a better understanding of the malware used in one of the attacks. As for Active Directory and LDAP passwords, Sophos says these were not compromised during the attacks. However, Sophos did confirm that exploitation of this flaw would allow an attacker to exfiltrate “XG Firewall-resident data,” which depending on the configuration, could include local user account credentials, such as usernames and hashed passwords.
![xg firewall unreplied violation xg firewall unreplied violation](https://community.sophos.com/cfs-file/__key/communityserver-discussions-components-files/51/DHCP_5F00_IGW_5F00_Relaying.png)
Further information about this vulnerability has not been made public. AnalysisĬVE-2020-12271 is a pre-authentication SQL injection vulnerability that exists in the Sophos XG Firewall/Sophos Firewall Operating System (SFOS). They discovered that this also affected systems when the port used for the administration interface or user portal was also used to expose a firewall service, such as the SSL VPN. The attack targets the XG Firewall administration interface, which is accessible via the user portal, over HTTPs, or on the WAN zone. According to Sophos, they were able to identify “an attack against physical and virtual XG Firewall units” after reviewing the report of a “suspicious field value” in the XG Firewall’s management interface. On April 22, Sophos published a knowledge base entry on the Sophos Community regarding the discovery of a zero-day vulnerability in the Sophos XG Firewall that was exploited in the wild.
![xg firewall unreplied violation xg firewall unreplied violation](https://community.sophos.com/resized-image/__size/640x480/__key/communityserver-discussions-components-files/126/pastedimage1617181340207v2.png)
Sophos pushes a hotfix to address a SQL injection vulnerability in Sophos XG Firewall that was exploited in the wild.