Security Advisory 2018-010

Release Date:

Critical Vulnerability in Sophos Mobile and Sophos Mobile Control

History:

  • 09/04/2018 -- v1.0 -- Initial publication

Summary

On the 26th of March 2018, Sophos released a security advisory concerning Sophos Mobile and Sophos Mobile Control [1, 2]. This critical vulnerability could allow an unauthenticated user to access the administration console or the self-service portal of Sophos Mobile.

Technical Details

Few details are available from Sophos beyond the fact that successful exploitation of the vulnerability could allow an attacker to bypass authentication to the administration panel of the portal, and that no attacks have been observed at the time of this writing.

Products Affected

All versions of Sophos Mobile and Sophos Mobile Control prior to 8.0.7 are affected by the vulnerability.

Recommendations

For all versions higher than 6.0, the patch is available on the Sophos License Portal.

For version 5.1 and earlier, Sophos provides instructions on how to upgrade to an up-to-date version [3].

Workarounds

There are no known workarounds that address this vulnerability.

References

[1] http://app.go.sophos.com/e/es?s=1777052651&e=250342&elq=03365c36a00a448499140d48c8896a16

[2] https://community.sophos.com/kb/en-us/131867

[3] https://community.sophos.com/kb/en-us/128031
