Sophos fixes critical hijack flaw in firewall offering (Security News, March 2022)
Sophos has patched a remote code execution vulnerability in its firewall gear that was disclosed via its bug-bounty program.
The flaw is present in the User Portal and Webadmin user interfaces of Sophos Firewall.
The vulnerable versions are Sophos Firewall v18.5 MR3 and older.
Sophos also offered a workaround, saying organizations can further protect themselves against outside attackers by ensuring the User Portal and Webadmin are not exposed to the WAN. If you're running a supported version of Sophos Firewall, check that you have the latest hotfixes for v17.0 MR10 EAL4+, v17.5 MR16 and MR17, v18.0 MR5(-1) and MR6, v18.5 MR1 and MR2, and v19.0 EAP. There are also hotfixes for some unsupported EOL versions; if no hotfix is available for your installation, you'll have to upgrade your software to be protected.
Sophos runs its bug bounty program through Bugcrowd, a crowd-sourced security platform.
The Sophos program offers rewards of $100 to $20,000 per vulnerability found.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/28/sophos-firewall-rce-vulnerability/
Related news
- Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
- Sophos Firewall vulnerable to critical remote code execution flaw
- Sophos discloses critical Firewall remote code execution flaw
- Custom "Pygmy Goat" malware used in Sophos Firewall hack on govt network
- Palo Alto Networks tackles firewall-busting zero-days with critical patches
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws