Security News > 2022 > September > Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released
Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product.
The issue, tracked as CVE-2022-3236, impacts Sophos Firewall v19.0 MR1 and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution.
The company said it "Has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region," adding it directly notified these entities.
As a workaround, Sophos is recommending that users take steps to ensure that the User Portal and Webadmin are not exposed to WAN. Alternatively, users can update to the latest supported version -.
The development marks the second time a Sophos Firewall vulnerability has come under active attacks within a year.
Sophos firewall appliances have also previously come under attack to deploy what's called the Asnarök trojan in an attempt to siphon sensitive information.
News URL
https://thehackernews.com/2022/09/hackers-actively-exploiting-new-sophos.html
Related news
- Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability (source)
- Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver (source)
- Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1 A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 9.8 |