Resolved – Advisory: Sophos XG Firewall – Exim Remote Code Execution vulnerability

Sophos is aware of a vulnerability in the third-party component Exim, which is used in Sophos XG Firewall. This vulnerability only applies if a customer has enabled email protection and recipient verification is disabled. This article describes the recommended steps to secure the XG Firewall if customers are using the email protection functionality.


Applies to the following Sophos products and versions

Sophos XG Firewall versions 17.5.5.433, 17.5.3.372, 17.5.4.429, 17.5.0.321 and 17.5.3.347.

CVE-2019-10149: Exim remote code execution (RCE).

The following XG Firewall versions are impacted if email protection is used and Recipient verification is not turned on.

  • SF 17.5.5.433
  • SF 17.5.3.372
  • SF 17.5.4.429
  • SF 17.5.0.321
  • SF 17.5.3.347

To verify your Firewall firmware and build versions, use the following console command:

system diagnostics show version-info

To prevent exploitation of the Exim remote code execution (RCE) vulnerability, an XG administrator can configure the XG Firewall more securely. Log in to the XG webadmin console and do the following for each active SMTP policy:

  • Enable Recipient verification, either via the call out method or via Active Directory lookup, whichever is applicable to your internal domain.

A hotfix has been released and pushed to all affected XG Firewalls.

To validate that your XG Firewall has received the hotfix, run the following console command:

system diagnostics show version-info

The Hot Fix version should be 7.

Note: Other Sophos email protection products, such as Sophos Email Appliance and Sophos UTM, were not affected by this vulnerability. Sophos Email Appliance uses Postfix. Sophos UTM also uses Exim, but a different version that is not affected by CVE-2019-10149.
