Figure: KBA Rapida 105 and KBA Rapida 164, axis t (h).

CleanTronic

CleanTronic is a multi-purpose washing system for rollers, blankets and impression cylinders. The blankets and impression cylinders are washed sequentially with a swing-action washing beam. Washing programs can be defined and selected.

Overview

This article outlines the remediation steps for any XG Firewall with a severed connection to Central Firewall Manager (CFM). Note: These steps are not required for Sophos Central managed devices. The following sections are covered:
- How to identify an XG Firewall with a severed CFM connection
- Start remediation process by resetting management settings on XG Firewall
- Next steps to.

On April 25, 2020, Sophos published knowledge base article (KBA) 135412, which warned about a pre-authenticated SQL injection (SQLi) vulnerability affecting the XG Firewall product line. According to Sophos, this issue had been actively exploited since at least April 22, 2020. Shortly after the knowledge base article was published, ...
From Used Printing Machines comes this rare large format eight color KBA coater press for a fair price. Should sell quickly, please call if you have interest.
- 40 x 55 inch eight-color format
- Dedicated tower coater with extended delivery
- Harris & Bruno Anilox coating system with chambered doctor blade
- Densitronic basic
- Non-stop feeder & delivery
- Steel plate in feeder
- FAPC: fully-automatic plate change
- Alcolor Vario dampening
- Automatic impression cylinder wash
- Technotrans Beta C
- Ink temperature control
- Eltosch UV
- IR dryer with hot-air knives
- Weko AP262 Powder spray
- Approximately 165mm impressions
Fixing SQL injection vulnerability and malicious code execution in XG Firewall/SFOS
Note: Exploitation of this vulnerability was possible ONLY if the affected systems were configured with *either* the administration (HTTPS service) or the User Portal exposed on the WAN zone.
We recommend that users access the unit over a VPN, and that administrative management go through either a VPN or Sophos Central. See KB article: https://community.sophos.com/kb/en-us/135414
The Attack Details
The attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices. It was designed to download payloads intended to exfiltrate XG Firewall-resident data. The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access. Passwords associated with external authentication systems such as AD or LDAP are unaffected. At this time, there is no indication that the attack accessed anything on the local networks behind any impacted XG Firewall.
There are two scenarios here:
Scenario 1 (Uncompromised)
A hotfix was automatically applied to the firewall from Sophos
Note: If you have disabled “Allow automatic installation of hotfixes”, please reference the following KBA for instructions on how to apply the required hotfix: https://community.sophos.com/kb/en-us/135415
Actions Required for Scenario 1 (Uncompromised): if the hotfix was applied, no further action is required (other than upgrading to the latest firmware, which is always recommended).
Scenario 2 (Compromised)
Hotfix applied and successfully remediated a compromised firewall
Note: If you have disabled “Allow automatic installation of hotfixes”, please reference the following KBA for instructions on how to apply the required hotfix: https://community.sophos.com/kb/en-us/135415
Actions Required for Scenario 2 (Compromised): for compromised XG Firewall devices that have received the hotfix, we strongly recommend the following additional steps to fully remediate the issue:
- Reset portal administrator and device administrator accounts
- Reboot the XG device(s)
- Reset passwords for all local user accounts
- Although the passwords were hashed, it is recommended that passwords are reset for any accounts where the XG credentials might have been reused
Note: While customers should always conduct their own internal investigation, at this point Sophos is not aware of any subsequent remote access attempts to impacted XG devices using the stolen credentials.
What firmware versions of XG Firewall (SFOS) were impacted?
The vulnerability affected all versions of XG Firewall firmware on both physical and virtual firewalls. All supported versions of the XG Firewall firmware / SFOS received the hotfix (SFOS 17.1, 17.5, 18.0). Customers using older versions of SFOS can protect themselves by upgrading to a supported version immediately.
Full Sophos KB 135412 is HERE