Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released
2022-09-24 05:03

Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product.

The issue, tracked as CVE-2022-3236, impacts Sophos Firewall v19.0 MR1 and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution.

The company said it "has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region," adding it directly notified these entities.

As a workaround, Sophos is recommending that users take steps to ensure that the User Portal and Webadmin are not exposed to WAN. Alternatively, users can update to the latest supported version.

The development marks the second time a Sophos Firewall vulnerability has come under active attack within a year.

Sophos firewall appliances have also previously come under attack to deploy what's called the Asnarök trojan in an attempt to siphon sensitive information.


News URL

https://thehackernews.com/2022/09/hackers-actively-exploiting-new-sophos.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1. A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. (network, low complexity, sophos, CWE-94) | critical, 9.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sophos 70 11 79 43 22 155