RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
2022-09-26 10:10

Sophos has patched an actively exploited remote code execution vulnerability in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled.

CVE-2022-3236 is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall.

It affects Sophos Firewall v19.0 MR1 and older.

Sophos published hotfixes for a variety of the affected versions, and has included the fix in v18.5 MR5, v19.0 MR2, and v19.5 GA. The hotfixes have been pushed to customers with the "Allow automatic installation of hotfixes" feature enabled on remediated versions.

Sophos did not name the organizations that have been compromised by attackers via CVE-2022-3236, but said that they "informed each of these organizations directly."

Vulnerabilities in Sophos firewalls are often exploited by attackers.


News URL

https://www.helpnetsecurity.com/2022/09/26/cve-2022-3236/

Related Vulnerability

DATE: 2022-09-23
CVE: CVE-2022-3236
VULNERABILITY TITLE: Code Injection vulnerability in Sophos Firewall 19.0.1
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
sophos CWE-94
RISK: critical, 9.8 (network, low complexity)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sophos 70 11 79 43 22 155