Sophos

  • Points – $10,000 per vulnerability
  • Safe harbor
  • Managed by Bugcrowd

Updates to Sophos XG Firewall

We have exciting news for Sophos!

Sophos is happy to announce a focused reward schema for a limited time on XG Firewall.

Until further notice, we will increase the payouts for specific P1 findings up to US$10,000.

Findings eligible for the highest payout are/come with:

  • Attack Vector: Network (WAN interface only)
  • Attack Complexity: Low (no MitM etc.)
  • Privileges Required: None (pre-auth only)
  • User Interaction: None (no phishing, etc.)
  • Impact: Code/command execution as root (CVSSv3+ C:H/I:H/A:H)
  • Reproducible on the latest maintenance release of either v17.5 or v18.0, as published on MySophos
    • Findings on versions older than v17.5 or the latest MR are not eligible
  • Detailed version information:
    • Login to the Device Console
    • At the console> prompt type: “system dia sh ver”
    • Add the output to the report (screenshots accepted)
  • PoC code or step by step reproduction instructions
    • May be in the form of a video
  • Tools used to detect the issue, if any
  • Information on what helped discover the issue most:
    • Root shell access
    • Reverse engineering (decompiled JARs)
    • Previously published CVE (incl. CVE ID)
    • Other (please elaborate) *Source code file and line of the issue, if possible

All testing can be done with free trial versions of the product on any available platform (software/virtual/hardware).

IMPORTANT. All research should be done on fresh trial versions and when signing up for the trail, ensure your email has bugcrowdninja in the address. For example, tom+bugcrowdninja@gmail.com or bill@bugcrowdninja.com

Eligible findings are reproducible on fully patched v17.5 or v18.0 installations of XG Firewall (see https://community.sophos.com/kb/en-us/135415 for details). Sophos will not reward issues no longer reproducible.

As always, please be sure to review the program brief in detail, and if you have any questions, please reach out support@bugcrowd.com.

Happy Hunting!