CVE-2024-12728

Published Dec 19, 2024

Last updated 2 months ago

Overview

Description
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).
Source
security-alert@sophos.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-alert@sophos.com
CWE-1391

Social media

Hype score
Not currently trending
  1. Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) 2024/12/19 https://t.co/hqwe1s1qux

    @tdatwja

    26 Dec 2024

    227 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Recently, 3 vulnerabilities of the types SQL injection, RCE and privileged SSH access, with the identifiers CVE-2024-12727, CVE-2024-12728 and CVE-2024-12729, have been published for the Sophos firewall. https://t.co/Poz3aKYxT1 https://t.co/RoU9Vf7NlH

    @AmirHossein_sec

    26 Dec 2024

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Sophos releases patches for several critical vulnerabilities (CVE-2024-12727, CVE-2024-12728 and CVE-2024-12729) in its firewalls: risks of remote code execution and unauthorized access. https://t.co/fkXPqfhyvq

    @cert_ist

    23 Dec 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-12728, CVE-2024-12727 alert 🚨 Multiple vulnerabilities in Sophos XG Firewall The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSecurity #InfoSec https://t.co/lBlGIIxam0

    @Patrowl_io

    23 Dec 2024

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) | Sophos https://t.co/gIvDMHZbNp

    @jsisen

    23 Dec 2024

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 New Vulnerabilities 🚨 Sophos Firewall - RCE and Privilege Escalation Vulnerabilities (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) Read More: https://t.co/HjpIvs65J8 https://t.co/LDhXnUt0Ou

    @cyberlearnorg

    21 Dec 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) URL: https://t.co/fqhIytYCf5 Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8

    @samilaiho

    21 Dec 2024

    733 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. Critical Vulnerability in Sophos Firewall Products Sophos has released patches to fix critical vulnerabilities. The vulnerabilities are tracked as CVE-2024-12727, CVE-2024-12728 and CVE-2024-12729. https://t.co/WgvmymT0cQ #SophosFirewall #SiberGüvenlik #GüvenlikAçığı

    @secloot

    20 Dec 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Sophos Critical Firewall Vulnerabilities Patched (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) 🚨 Severity: 9.8/8.8 (Critical) Impact: Risks of remote code execution and unauthorized privileged access. ➡️ Sophos has issued hotfixes. Update immediately to secure your… http

    @arunpratap786

    20 Dec 2024

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Sophos Critical Firewall Vulnerabilities Patched (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) 🚨 Severity: 9.8/8.8 (Critical) Impact: Risks of remote code execution and unauthorized privileged access. ➡️ Sophos has issued hotfixes. Update immediately to secure your… http

    @arunpratap786

    20 Dec 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Sophos fixes Triple Critical Vulnerabilities in its Firewall #Sophos #CVE-2024-12727 #CVE-2024-12728 #CVE-2024-12729 https://t.co/HA6vYJSNCK

    @pravin_karthik

    20 Dec 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

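  12. Sophos Firewall vulnerabilities (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) fixed. This includes high-urgency vulnerabilities such as CVE-2024-12727 (CVSS 9.8, Critical), a pre-authentication SQL injection vulnerability in the Email Protection feature. Note that no action is required if automatic hotfix updates are enabled. https://t.co/vIBRwcnAOD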

    @t_nihonmatsu

    20 Dec 2024

    493 Impressions

    2 Retweets

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Security Advisories - Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) https://t.co/HR9C3ul01T

    @abdda149

    20 Dec 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨🚨CVE-2024-12727 and More: Sophos Issues Urgent Firewall Security Update CVE-2024-12727 (CVSS 9.8): Pre-auth SQL Injection CVE-2024-12728 (CVSS 9.8): Insecure SSH Passphrase CVE-2024-12729 (CVSS 8.8): Post-auth Code Injection ZoomEyeGPT Search Query:Search for assets… https://

    @zoomeye_team

    20 Dec 2024

    859 Impressions

    4 Retweets

    11 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  15. 🚨🚨CVE-2024-12727 and More: Sophos Issues Urgent Firewall Security Update CVE-2024-12727 (CVSS 9.8): Pre-auth SQL Injection CVE-2024-12728 (CVSS 9.8): Insecure SSH Passphrase CVE-2024-12729 (CVSS 8.8): Post-auth Code Injection ZoomEyeGPT Search Query:Search for assets… https://

    @zoomeye_team

    20 Dec 2024

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

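  16. Multiple critical vulnerabilities in Sophos Firewall. CVE-2024-12727 has a CVSS score of 9.8 and is an unauthenticated SQL injection in the email protection feature. CVE-2024-12728 is a fixed SSH password used when establishing an HA configuration. Fixed. No exploitation has been confirmed. https://t.co/DhWgjihOSF // I have confirmed that my home lab configuration is not affected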

    @__kokumoto

    20 Dec 2024

    718 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Sophos Issues Urgent Firewall Security Update Discover the significant risks posed by the Sophos Firewall vulnerabilities CVE-2024-12727 (CVSS 9.8), CVE-2024-12728 (CVSS 9.8), and CVE-2024-12729. Stay updated and secure your network https://t.co/AgMDQltSpt

    @the_yellow_fall

    20 Dec 2024

    382 Impressions

    2 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. CVE-2024-12728 Weak Credentials Vulnerability in Sophos Firewall Enables SSH System Access There is a weak credentials vulnerability in Sophos Firewall versions before 20.0 MR3 (20.0.3). This issue could let some... https://t.co/6MfFsuabR6

    @VulmonFeeds

    19 Dec 2024

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2024-12728 A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). https://t.co/13vB4hDJ65

    @CVEnew

    19 Dec 2024

    393 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  20. [CVE-2024-12728: CRITICAL] A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). #cybersecurity, #vulnerability https://t.co/G38Zsdv6qZ https://t.co/Rm4fYS4fvd

    @CveFindCom

    19 Dec 2024

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes