Over 4,000 Servers Are Still Vulnerable to Critical Bug in Sophos Firewall
Experts have warned that more than 4,000 Sophos Firewall devices available via the Internet are still vulnerable to a critical bug, a patch for which was released back in the fall of 2022.
The issue is CVE-2022-3236 (CVSS score 9.8), found in the User Portal and Webadmin interfaces of Sophos Firewall. The bug allows attackers to achieve arbitrary remote code execution (RCE).
Hotfixes for all versions of Sophos Firewall affected by this bug (v19.0 MR1, 19.0.1 and older) were released back in September last year, and full patches followed in December. Already in the fall, the manufacturer warned that the vulnerability was being used by hackers to attack organizations in South Asia.
As specialists from the information security company VulnCheck now report, their study found that out of 88,000 Sophos Firewall instances, about 6% of the total (more than 4,000) are still running versions that have not received patches and remain vulnerable to CVE-2022-3236.
“It is likely that almost all servers eligible for the fix have received it, although bugs do happen. And still there are more than 4,000 firewalls (about 6% of the total) with versions that have not received patches and are therefore vulnerable.”
Although a PoC exploit for CVE-2022-3236 has not yet been published online, the researchers were able to reproduce the exploit from technical information published by the Trend Micro Zero Day Initiative (ZDI), so attackers can likely do the same.
Once a public exploit appears, experts expect a wave of attacks on this vulnerability. However, mass exploitation of the bug is likely to be hindered by the fact that Sophos Firewall by default requires web clients to solve a CAPTCHA during authentication. To get around this, attackers would also have to use automated CAPTCHA solvers, and a failed CAPTCHA solution causes the exploit to fail.
As a reminder, information security specialists previously reported on how hackers exploited a vulnerability in Sophos XG Firewall.