
Over 4,000 Servers Are Still Vulnerable to Critical Bug in Sophos Firewall


Experts have warned that more than 4,000 Internet-exposed Sophos Firewall devices are still vulnerable to a critical bug for which a patch was released back in the fall of 2022.

The issue is CVE-2022-3236 (CVSS score 9.8), found in the User Portal and the web admin interface of Sophos Firewall. The bug allows attackers to achieve remote code execution (RCE).

Hotfixes for all affected versions of Sophos Firewall (v19.0 MR1, 19.0.1 and older) were released back in September last year, and full patches followed in December. Already in the fall, the vendor warned that the vulnerability was being exploited in attacks on organizations in South Asia.
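Because the September hotfix is applied in place while the full fix arrived as a later release, an inventory of Sophos Firewall version strings alone does not say which devices are safe. The following is an added example (not code from the article or from Sophos or VulnCheck) of how a defender might triage such an inventory: it parses version strings of the form "19.0.1 MR-1", treats anything at or below 19.0.1 as affected per the text above, and uses a hypothetical `hotfix_applied` flag, assumed to come from the device's own hotfix status, to separate hotfixed devices from unpatched ones. The assumption that every release newer than 19.0.1 contains the full fix is the example's own, not a statement from the page.

```python
import re
from typing import Dict, List, Tuple

# Highest affected release named in the article: v19.0 MR1 (19.0.1) and older.
LAST_AFFECTED = (19, 0, 1)

# Sophos Firewall versions look like "19.0.1 MR-1" or "19.5.0 GA"; only the
# numeric prefix matters for the comparison below.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '19.0.1 MR-1' into (19, 0, 1); a missing patch field counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def classify(version: str, hotfix_applied: bool) -> str:
    """Classify one device as 'fixed', 'hotfixed' or 'vulnerable'.

    Assumption (not from the article): any release newer than 19.0.1 ships
    with the full fix. Releases at or below 19.0.1 are safe only if the
    in-place hotfix has actually been applied.
    """
    if parse_version(version) > LAST_AFFECTED:
        return "fixed"
    return "hotfixed" if hotfix_applied else "vulnerable"


# Constructed sample inventory: (hostname, reported version, hotfix_applied).
# The hostnames and versions are made up for this example.
INVENTORY = [
    ("fw-branch-01", "19.5.0 GA", False),
    ("fw-branch-02", "19.0.1 MR-1", True),
    ("fw-branch-03", "19.0.1 MR-1", False),
    ("fw-lab-01", "18.5.3 MR-3", False),
    ("fw-dc-01", "19.0 MR1", True),
]


def triage(inventory: List[Tuple[str, str, bool]]) -> Dict[str, List[str]]:
    """Group hostnames by patch state so the 'vulnerable' bucket can be actioned."""
    buckets: Dict[str, List[str]] = {"fixed": [], "hotfixed": [], "vulnerable": []}
    for host, version, hotfix in inventory:
        buckets[classify(version, hotfix)].append(host)
    return buckets


if __name__ == "__main__":
    for state, hosts in triage(INVENTORY).items():
        print(f"{state:10s} {', '.join(hosts) or '-'}")
```

Devices that land in the `vulnerable` bucket are the ones that need the hotfix applied or an upgrade scheduled; devices in `hotfixed` are protected for now but should still be moved to a fully fixed release.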

As specialists from the security company VulnCheck now report, of roughly 88,000 Sophos Firewall instances they studied, about 6% (more than 4,000) are still running versions that have not received patches and remain vulnerable to CVE-2022-3236.

"More than 99% of the Sophos firewalls available over the internet have not been updated to versions containing the official fix for CVE-2022-3236. However, about 93% are running patchable versions, and the default behavior of the firewall is to automatically download and install patches (unless an administrator has disabled this feature)," the researchers write.

"It is likely that almost all servers eligible for the fix have received it, although bugs do happen. And still there are more than 4,000 firewalls (about 6% of the total) with versions that have not received patches and are therefore vulnerable."

Although a PoC exploit for CVE-2022-3236 has not yet been published, the researchers were able to reproduce one from the technical details published by the Trend Micro Zero Day Initiative (ZDI), so attackers are likely able to do the same.

Once a public exploit appears, experts expect a wave of attacks on this vulnerability. However, mass exploitation is likely to be hindered by the fact that Sophos Firewall, by default, requires web clients to solve a CAPTCHA during authentication. To get past this, attackers would also need automated CAPTCHA solvers, and a failed CAPTCHA solution causes the exploit to fail.

Let me also remind you that information security specialists have also written that hackers are using a vulnerability in the Sophos XG Firewall.

About The Author
Vladimir Krasnogolovy