Security News > 2022 > September > RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
2022-09-26 10:10

Sophos has patched an actively exploited remote code execution vulnerability in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled.

CVE-2022-3236 is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall.

It affects Sophos Firewall v19.0 MR1 and older.

Sophos published hotfixes for a variety of them, and has included the fix in v18.5 MR5, v19.0 MR2, and v19.5 GA. The hotfixes have been pushed to customers with the "Allow automatic installation of hotfixes" feature enabled on remediated versions.

Sophos did not name the organizations that have been compromised by attackers via CVE-2022-3236, but said that they "Informed each of these organizations directly."

Vulnerabilities in Sophos firewalls are often exploited by attackers.


News URL

https://www.helpnetsecurity.com/2022/09/26/cve-2022-3236/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-09-23 CVE-2022-3236 Code Injection vulnerability in Sophos Firewall 19.0.1
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
network
low complexity
sophos CWE-94
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sophos 70 11 77 42 22 152