Сlarity and Trust – We take pride in being the site where you can feel free to express your opinion and leave feedback. Whenever you click on the websites of products reviewed by us, we participate in the revenue sharing and get commissions that help us maintain our project. Read more about how we work.

RCE vulnerability fixed in Sophos Firewall

Now Reading
RCE vulnerability fixed in Sophos Firewall

Sophos developers have warned that the RCE vulnerability associated with Sophos Firewall is already being actively used in attacks.

The latest vulnerability has the identifier CVE-2022-1040 and is rated as critical on the CVSS scale (9.8 points out of 10 possible).

The bug reportedly allows remote attackers to bypass authentication through the firewall’s user portal or web admin and then execute arbitrary code. The vulnerability was discovered by an anonymous researcher who reported it through the official bug bounty program and stated that the issue affects Sophos Firewall 18.5 MR3 (18.5.3) and earlier.

So far, little is known about attacks that exploit this issue: the manufacturer reports that the bug is mainly exploited in attacks against targets from South Asia.

Sophos has discovered that this vulnerability is being used to attack a small pool of organizations, primarily in South Asia. We have informed each of these organizations directly. Sophos will provide additional information as the investigation continues.the company said.

Sophos has fixed the vulnerability in several firewall versions, including 17.0, 17.5, 18.0, and 18.5.

There is no action required for Sophos Firewall customers with the ‘Allow automatic installation of hotfixes’ feature enabled. Enabled is the default setting.explains Sophos in its security advisory.

However, security guidelines mean that some older versions and end-of-life products may need to be activated manually. As a general workaround against the vulnerability, the company recommends that customers secure their user portal and web administration interfaces.

Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN. Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.the advisory reads.

In addition, Sophos has included patches in versions 19 and 18.5 MR4, and patches have been released for Sophos Firewall versions 17.5 MR12-MR15, 18.0 MR3 and MR4, and 18.5 GA, which are already obsolete and whose support has already been discontinued.

Let me remind you that we also said that Sophos company notified customers of data breach, and also that Sophos and ReversingLabs presented SoReL-20M database with data for information security researchers.

What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Vladimir Krasnogolovy
Leave a response

Leave a Response