Advisory: Security update for users of Web Application Firewall (WAF) in Sophos XG Firewall

A cross-site scripting (XSS) vulnerability within the WAF component of the Sophos XG Firewall operating system (SFOS) has been discovered.

An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. The vulnerability could be used for unauthenticated remote code execution. Our investigations have found no evidence of the vulnerability being exploited.

Applies to the following Sophos products and versions

Sophos Firewall

For customers running SFOS version 16 and above that use the default setting of automatic updates, the security update will be automatically installed, and there is no action required.

Customers who have changed their default settings will need to apply the update manually.

Customers who do not have the WAF turned on are not vulnerable but will proactively receive the security update.


SFOS version                   Security update distributed
Version 16.01 and above        December 29, 2017
Version 17 (all releases)      December 29, 2017
Version 15 (all releases)      Upgrade to current SFOS version

  • What products are affected?
    • Firewall and UTM appliances running SFOS (could be running Sophos or Cyberoam hardware)
  • Which product versions are affected?
    • All versions of SFOS
  • Exceptions (not affected)
    • Sophos UTM customers who are not running SFOS
    • Cyberoam customers who are not running SFOS
