HC3 Sector Alert TLP White: Sophos XG Firewall SQLi Vulnerability Recently Exploited by Asnarök Malware

May 7, 2020

Sophos XG Firewall and the Sophos Firewall Operating System (SFOS) were found to be vulnerable to SQL injection (SQLi), and the flaw was recently exploited by the Asnarök malware. The vulnerability (CVE-2020-12271) may provide an unauthenticated entry point into an IT infrastructure and allow an attacker to exfiltrate sensitive data, including the plaintext usernames and hashed passwords of all local user accounts on the appliance. Passwords for external authentication systems connected to the firewall, such as Active Directory and LDAP, were not exposed. Patches that mitigate the vulnerability are available, provided that the appliance and firmware version are still supported by Sophos; appliances that cannot be patched remain exposed. HC3 encourages that all updates be applied, or that unpatched devices be isolated from the Internet.
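As an added illustration of the vulnerability class this alert describes (not code from the Sophos appliance, from Asnarök, or from HC3), the following compares a lookup that builds its SQL by string formatting with a parameterized version, run against a constructed in-memory SQLite database. The table names, the session-token lookup, and the sample accounts and hashes are assumptions made for the example; the point is that one unsanitized parameter is enough to read every row of a local-user table, which is the kind of data the alert says was exfiltrated.

```python
import hashlib
import sqlite3

# Constructed sample data for the example; these are not real credentials
# and the hash scheme is illustrative, not the appliance's.
SAMPLE_USERS = [
    ("admin", hashlib.sha256(b"example-admin-password").hexdigest()),
    ("backup", hashlib.sha256(b"example-backup-password").hexdigest()),
]
SAMPLE_SESSIONS = [("tok-admin", "admin")]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with a local-user table and a session table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE local_users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL);
        CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT NOT NULL);
        """
    )
    conn.executemany("INSERT INTO local_users VALUES (?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO sessions VALUES (?, ?)", SAMPLE_SESSIONS)
    conn.commit()
    return conn


def lookup_session_vulnerable(conn: sqlite3.Connection, token: str) -> list:
    """Vulnerable: the unauthenticated, attacker-controlled token is pasted into the SQL text."""
    sql = f"SELECT username FROM sessions WHERE token = '{token}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_session_hardened(conn: sqlite3.Connection, token: str) -> list:
    """Hardened: the token is bound as a parameter, so it can only ever be compared as data."""
    sql = "SELECT username FROM sessions WHERE token = ?"
    return [row[0] for row in conn.execute(sql, (token,))]


# A UNION-based payload: closes the quoted token, appends a query over the
# local-user table, and comments out the trailing quote. The column count
# (one) has to match the original SELECT for the UNION to succeed.
PAYLOAD = "' UNION SELECT username || ':' || password_hash FROM local_users --"


def demo() -> dict:
    """Run both lookups with a legitimate token and with the injection payload."""
    conn = build_db()
    return {
        "vulnerable_valid": lookup_session_vulnerable(conn, "tok-admin"),
        "vulnerable_injected": lookup_session_vulnerable(conn, PAYLOAD),
        "hardened_valid": lookup_session_hardened(conn, "tok-admin"),
        "hardened_injected": lookup_session_hardened(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Against the vulnerable lookup the payload returns every local username joined to its hash; against the parameterized lookup the same string is simply a token that matches nothing. Parameter binding is the fix for the injection itself; the alert's further point stands that, once such a flaw is reachable without authentication, the management interface should not be exposed to the Internet at all.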