Security News > 2022 > March > Critical Sophos Security Bug Allows RCE on Firewalls
Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution.
The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall.
Sophos did not provide technical details or a CVSS score for the bug, but listed it as "Critical."
"Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN," according to Sophos.
"Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management."
An unnamed independent researcher was credited with reporting the flaw via Sophos' bug bounty.
News URL
https://threatpost.com/critical-sophos-security-bug-rce-firewalls/179127/
Related news
- The ongoing evolution of the CIS Critical Security Controls (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Don't Overlook These 6 Critical Okta Security Configurations (source)
- Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2022-1040 | Unspecified vulnerability in Sophos Sfos An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | 9.8 |