Sophos' flagship web security product open to attack


Upgrade urged.

Sophos' Web Protection Appliance contains severe vulnerabilities that could provide hackers with a launching pad to attack victim organisations.


The trio of flaws, confirmed by Sophos, were present in a previous version of the kit. 

The company has patched the flaws.

Austria-based security research firm SEC Consult disclosed the vulnerabilities which could allow adversaries to obtain "unauthorised access to the [Sophos] appliance and plant backdoors or access configuration files containing credentials for other systems...which can be used in further attacks".

These systems include Active Directory or FTP servers, according to SEC Consult.

In addition, saboteurs could steal HTTP traffic including passwords and cookies, as well as HTTPS traffic if the customer has the appliance's HTTPS Scanning feature activated.

HTTPS Scanning was also affected by a flaw allowing attackers to compromise private keys used for SSL certificates installed on client endpoints throughout a victim company.

"These certificates will then pass validation on the client machines, enabling various attacks or further targeting clients (e.g. man-in-the-middle, phishing)," SEC Consult said.

Going after security companies to sign certificates appears to be a trendy tool in the cyber criminal's arsenal. In February, hackers breached Bit9 and accessed its code-signing certs, enabling intruders to digitally sign malware so that it appeared to be legitimate files.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition