Sophos has released hotfixes addressing three security vulnerabilities in Sophos Firewall products that could lead to remote code execution and privileged system access. Two of the flaws (CVE-2024-12727, CVE-2024-12728) are rated critical (CVSS 9.8), with CVE-2024-12727 impacting 0.05% of devices and CVE-2024-12728 affecting 0.5%. CVE-2024-12729 (CVSS 8.8) allows post-auth code injection. These vulnerabilities affect versions 21.0 GA and older but have been fixed in v21 MR1 and other specified updates. Users can verify hotfixes by running diagnostic commands and are advised to restrict SSH access, disable WAN SSH, and avoid exposing the User Portal to WAN as temporary workarounds. This follows recent U.S. charges against a Chinese national for exploiting a separate Sophos firewall vulnerability.

‍