{"id":3447,"date":"2019-09-25T14:48:12","date_gmt":"2019-09-25T14:48:12","guid":{"rendered":"https:\/\/www.neam.de\/?p=15839"},"modified":"2019-09-25T14:48:12","modified_gmt":"2019-09-25T14:48:12","slug":"handlungsbedarf-schwachstelle-in-sophos-mobile-control-server","status":"publish","type":"post","link":"https:\/\/www.kai-wittenburg.de\/?p=3447","title":{"rendered":"Handlungsbedarf: Schwachstelle in Sophos Mobile Control Server"},"content":{"rendered":"<div id=\"pl-15839\"  class=\"panel-layout\" >\n<div id=\"pg-15839-0\"  class=\"panel-grid panel-no-style\" >\n<div id=\"pgc-15839-0-0\"  class=\"panel-grid-cell\" >\n<div id=\"panel-15839-0-0-0\" class=\"so-panel widget widget_sow-editor panel-first-child panel-last-child\" data-index=\"0\" >\n<div class=\"so-widget-sow-editor so-widget-sow-editor-base\">\n<div class=\"siteorigin-widget-tinymce textwidget\">\n<p><span style=\"color: #000000;\">Unserem Hersteller-Partner Sophos wurde eine unauthentifizierte Remote Code Execution (RCE) Schwachstelle in den Versionen 5.0 bis 7.0 von Sophos Mobile Control Server gemeldet. Nutzen Sie eine der betroffenen Versionen lokal? Falls noch nicht erfolgt, m\u00fcssen Sie dann jetzt handeln und auf die aktuelle Version von Sophos Mobile Server upgraden.<\/span><\/p>\n<p><span style=\"color: #000000;\">Das Upgrade Ihres Servers ist einfach. Weitere Informationen finden Sie im Knowledgebase-Artikel<\/span> <a href=\"http:\/\/app.go.sophos.com\/e\/er?s=1777052651&amp;lid=11290&amp;elqTrackId=9c5192d8be3f49d3aab734811de4fc62&amp;elq=c771b8684314455f8b33ab1d7a1b3085&amp;elqaid=9678&amp;elqat=1\"  rel=\"noopener\">How to update to Sophos Mobile 9.0<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"pg-15839-1\"  class=\"panel-grid panel-no-style\" >\n<div id=\"pgc-15839-1-0\"  class=\"panel-grid-cell\" >\n<div id=\"panel-15839-1-0-0\" class=\"so-panel widget widget_sow-editor panel-first-child panel-last-child\" data-index=\"1\" >\n<div class=\"so-widget-sow-editor so-widget-sow-editor-base\">\n<div class=\"siteorigin-widget-tinymce textwidget\">\n<h3><span style=\"color: #000000;\">Was ist passiert?<\/span><\/h3>\n<p><span style=\"color: #000000;\">Ein externer Sicherheitsforscher hat Sophos auf eine schwerwiegende REC-Schwachstelle aufmerksam gemacht und kann mit diesen Informationen jederzeit an die \u00d6ffentlichkeit gehen. Die Schwachstelle befindet sich in einer Drittanbieter-Library. Diese wurde in einigen \u00e4lteren Versionen von Sophos Mobile Control genutzt, die jetzt nicht mehr unterst\u00fctzt werden. Sophos ist bisher von keinen Versuchen bekannt, bei denen diese Schwachstelle in Kundenumgebungen ausgenutzt wurde.<\/span><\/p>\n<h3><span style=\"color: #000000;\">Betroffene Produkte<\/span><\/h3>\n<p><span style=\"color: #000000;\">Von dieser Schwachstelle sind lokale Server-Installationen von Sophos Mobile Control Version 5.0 bis Version 7.0 betroffen.<\/span><\/p>\n<p><span style=\"color: #000000;\">Sophos Mobile ab Version 7.1 und gehostete Versionen von Sophos Mobile \u2013 beispielsweise in Sophos Central \u2013 sind nicht betroffen.<\/span><\/p>\n<h3><span style=\"color: #000000;\">Upgrade erforderlich<\/span><\/h3>\n<p><span style=\"color: #000000;\">Upgraden Sie Ihren Sophos Mobile Control Server schnellstm\u00f6glich auf die aktuelle Version. K\u00f6nnen wir Sie unterst\u00fctzen? Dann f\u00fcllen Sie bitte das nachfolgende Formular aus.<br \/>\n<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"pg-15839-2\"  class=\"panel-grid panel-no-style\" >\n<div id=\"pgc-15839-2-0\"  class=\"panel-grid-cell\" >\n<div id=\"panel-15839-2-0-0\" class=\"so-panel widget widget_sow-editor panel-first-child panel-last-child\" data-index=\"2\" >\n<div class=\"so-widget-sow-editor so-widget-sow-editor-base\">\n<div class=\"siteorigin-widget-tinymce textwidget\">\n<p><span style=\"color: #000000;\"><\/p>\n<div class='gf_browser_gecko gform_wrapper' id='gform_wrapper_6' >\n<form method='post' enctype='multipart\/form-data'  id='gform_6'  action='https:\/\/www.neam.de\/feed\/'>\n<div class='gform_body'>\n<ul id='gform_fields_6' class='gform_fields top_label form_sublabel_below description_below'>\n<li id='field_6_1'  class='gfield gf_left_half field_sublabel_below field_description_below gfield_visibility_visible' ><label class='gfield_label gfield_label_before_complex'  >Vorname &amp; Nachname<\/label>\n<div class='ginput_complex ginput_container no_prefix has_first_name no_middle_name has_last_name no_suffix gf_name_has_2 ginput_container_name' id='input_6_1'>\n<p>                            <span id='input_6_1_3_container' class='name_first' ><br \/>\n                                                    <input type='text' name='input_1.3' id='input_6_1_3' value='' aria-label='Vorname'    aria-invalid=\"false\" \/><br \/>\n                                                    <label for='input_6_1_3' >Vorname<\/label><br \/>\n                                                <\/span><\/p>\n<p>                            <span id='input_6_1_6_container' class='name_last' ><br \/>\n                                                    <input type='text' name='input_1.6' id='input_6_1_6' value='' aria-label='Nachname'    aria-invalid=\"false\" \/><br \/>\n                                                    <label for='input_6_1_6' >Nachname<\/label><br \/>\n                                                <\/span><\/p><\/div>\n<\/li>\n<li id='field_6_2'  class='gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible' ><label class='gfield_label' for='input_6_2' >E-Mail<span class='gfield_required'>*<\/span><\/label>\n<div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_6_2' type='text' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\" aria-describedby=\"gfield_description_6_2\"\/>\n                        <\/div>\n<div class='gfield_description' id='gfield_description_6_2'>Bitte hier die korrekte E-Mail-Adresse eintragen.<\/div>\n<\/li>\n<li id='field_6_3'  class='gfield field_sublabel_below field_description_below gfield_visibility_visible' ><label class='gfield_label' for='input_6_3' >Anmerkungen<\/label>\n<div class='ginput_container ginput_container_textarea'><textarea name='input_3' id='input_6_3' class='textarea medium'  aria-describedby=\"gfield_description_6_3\" maxlength='300'   aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div>\n<div class='gfield_description' id='gfield_description_6_3'>Haben Sie Anmerkungen f\u00fcr uns?<\/div>\n<\/li>\n<li id='field_6_4'  class='gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible' ><label class='gfield_label' for='input_6_4' >Comments<\/label>\n<div class='ginput_container'><input name='input_4' id='input_6_4' type='text' value='' \/><\/div>\n<div class='gfield_description' id='gfield_description__4'>Dieses Feld dient zur Validierung und sollte nicht ver\u00e4ndert werden.<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<div class='gform_footer top_label'> <input type='submit' id='gform_submit_button_6' class='gform_button button' value='Absenden'  onclick='if(window[\"gf_submitting_6\"]){return false;}  window[\"gf_submitting_6\"]=true;  ' onkeypress='if( event.keyCode == 13 ){ if(window[\"gf_submitting_6\"]){return false;} window[\"gf_submitting_6\"]=true;  jQuery(\"#gform_6\").trigger(\"submit\",[true]); }' \/><br \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_6' value='1' \/><br \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='6' \/><\/p>\n<p>            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/><br \/>\n            <input type='hidden' class='gform_hidden' name='state_6' value='WyJbXSIsImI1ZjFjNTNmNGU5NTk5OTVmMDM1OGQ1MTg1NmJhY2U4Il0=' \/><br \/>\n            <input type='hidden' class='gform_hidden' name='gform_target_page_number_6' id='gform_target_page_number_6' value='0' \/><br \/>\n            <input type='hidden' class='gform_hidden' name='gform_source_page_number_6' id='gform_source_page_number_6' value='1' \/><br \/>\n            <input type='hidden' name='gform_field_values' value='' \/><\/p><\/div>\n<\/p><\/form>\n<\/p><\/div>\n<p><script type='text\/javascript'> jQuery(document).bind('gform_post_render', function(event, formId, currentPage){if(formId == 6) {if(!jQuery('#input_6_3+.ginput_counter').length){jQuery('#input_6_3').textareaCount(    {'maxCharacterSize': 300,    'originalStyle': 'ginput_counter',\t 'truncate': true,\t 'errorStyle' : '',    'displayFormat' : '#input von #max Max. Zeichenanzahl'    });jQuery('input_6_3').next('.ginput_counter').attr('aria-live','polite');}} } );jQuery(document).bind('gform_post_conditional_logic', function(event, formId, fields, isInit){} );<\/script><script type='text\/javascript'> jQuery(document).ready(function(){jQuery(document).trigger('gform_post_render', [6, 1]) } ); <\/script><\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Unserem Hersteller-Partner Sophos wurde eine unauthentifizierte Remote Code Execution (RCE) Schwachstelle in den Versionen 5.0 bis 7.0 von Sophos Mobile Control Server gemeldet. Nutzen Sie eine der betroffenen Versionen lokal? Falls noch nicht erfolgt, m&uuml;ssen Sie dann jetzt handeln und auf die aktuelle Version von Sophos Mobile Server upgraden. Das Upgrade Ihres Servers ist einfach. [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,5,6,3,7,18,852,4,12,17,15,16,14,8],"tags":[],"class_list":["post-3447","post","type-post","status-publish","format-standard","hentry","category-blog","category-bsi","category-isms","category-isms-bsi-iso-27001","category-iso27001","category-it-systeme","category-netzwerk-virtualisierung","category-notfallmanagement","category-penetrationstest","category-penetrationstests","category-risikomanagement","category-unternehmen","category-veranstaltungen","category-zertifizierung-audit"],"_links":{"self":[{"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=\/wp\/v2\/posts\/3447","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3447"}],"version-history":[{"count":4,"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=\/wp\/v2\/posts\/3447\/revisions"}],"predecessor-version":[{"id":3456,"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=\/wp\/v2\/posts\/3447\/revisions\/3456"}],"wp:attachment":[{"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kai-wittenburg.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}