Sophos fixes critical firewall hole exploited by miscreants
A critical code-injection vulnerability in Sophos Firewall has been fixed - but not before miscreants found and exploited the bug.
While it hasn't been issued a CVSS severity score, Sophos deemed it "Critical" and noted that it allowed for remote code execution.
As of Tuesday, the security shop's blogs, which regularly detail vulnerabilities and exploits affecting other software vendors, hadn't mentioned its own critical firewall bug.
RCE In Sophos Firewall exploited in the wild: CVE-2022-3236. This has a HIGH chance of mass exploitation, given the vulnerability is based on Code Injection and if we look at the #CISA KEVs, at least 28 of those are Code Injection related... https://t.
While Sophos hasn't yet said who it believes exploited the bug to target South Asian organizations, Chinese state-sponsored criminals were behind earlier attacks this year that involved a critical flaw in Sophos Firewall.
Just last week, Recorded Future published research on multiple campaigns it attributed to Beijing-linked crews, who were seen abusing a programming error in Sophos Firewall that the software vendor fixed in April.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/09/28/sophos_firewall_code_injection/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1: A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 9.8 |