Security News > 2022 > March > Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)
A critical vulnerability in Sophos Firewall in being exploited in the wild to target "a small set of specific organizations primarily in the South Asia region," Sophos has warned.
CVE-2022-1040 is an authentication bypass vulnerability in the User Portal and Webadmin of Sophos Firewall, and can be exploited by attackers to achieve remote code execution on vulnerable appliances.
The vulnerability affects Sophos Firewall v18.5 MR3 and older.
Sophos started releasing hotfixes on March 23, and they are currently available for a variety of supported and unsupported EOL versions of the popular enterprise-grade solution.
After releasing the security advisory for CVE-2022-1040 on Friday, Sophos has updated in on Monday to let customers know that the vulnerability is being used to mainly target organizations in the South Asia region, and that they have informed each of them directly.
We've asked Sophos whether the flaw had been exploited in the wild before they issued the hotfixes or after, and we'll update this piece when we get an answer.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2022-1040 | Unspecified vulnerability in Sophos Sfos An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | 9.8 |