Security News > 2022 > September > Sophos warns of new firewall RCE bug exploited in attacks
Sophos warned today that a critical code injection security vulnerability in the company's Firewall product is being exploited in the wild.
The company says it has released hotfixes for Sophos Firewall versions affected by this security bug and older) that will roll out automatically to all instances since automatic updates are enabled by default.
"No action is required for Sophos Firewall customers with the 'Allow automatic installation of hotfixes' feature enabled on remediated versions. Enabled is the default setting," Sophos explained.
Patching your Sophos Firewall bugs is critically important, especially since this is not the first such flaw exploited in the wild.
Sophos patched a similar critical Sophos Firewall bug in March, discovered in the User Portal and Webadmin, letting threat actors bypass authentication and execute arbitrary code.
As part of attacks where the zero-day was used, Asnarök trojan malware exploited it to try and steal firewall credentials from vulnerable XG Firewall instances.
News URL
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- 48,000+ internet-facing Fortinet firewalls still open to attack (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)