RCE vulnerability fixed in Sophos Firewall
Sophos has warned that an RCE vulnerability in Sophos Firewall is already being actively exploited in attacks.
The vulnerability is tracked as CVE-2022-1040 and is rated critical on the CVSS scale (9.8 points out of 10).
The bug reportedly allows remote attackers to bypass authentication through the firewall's user portal or web admin interface and then execute arbitrary code. The vulnerability was discovered by an anonymous researcher who reported it through Sophos's bug bounty program; it affects Sophos Firewall 18.5 MR3 (18.5.3) and earlier.
So far, little is known about the attacks that exploit this issue: the vendor reports that the bug has mainly been used against targets in South Asia.
Sophos has fixed the vulnerability in several firewall versions, including 17.0, 17.5, 18.0, and 18.5.
However, on some older versions and end-of-life products the fix may need to be activated manually. As a general workaround, the company recommends that customers secure their user portal and web admin interfaces.
In addition, Sophos has included the fix in versions 19 and 18.5 MR4, and has released patches for Sophos Firewall versions 17.5 MR12-MR15, 18.0 MR3 and MR4, and 18.5 GA, which are already obsolete and no longer supported.
Let me remind you that we also reported that Sophos notified customers of a data breach, and that Sophos and ReversingLabs presented the SoReL-20M database for information security researchers.