Security News > 2022 > September > Sophos fixes critical firewall hole exploited by miscreants

Sophos fixes critical firewall hole exploited by miscreants
2022-09-28 00:35

A critical code-injection vulnerability in Sophos Firewall has been fixed - but not before miscreants found and exploited the bug.

While it hasn't been issued a CVSS severity score, Sophos deemed it "Critical" and noted that it allowed for remote code execution.

As of Tuesday, the security shop's blogs, which regularly detail vulnerabilities and exploits affecting other software vendors, hadn't mentioned its own critical firewall bug.

RCE In Sophos Firewall exploited in the wildCVE-2022-3236This has a HIGH chance of mass exploitation, given the vulnerability is based on Code Injection and if we look at the #CISA KEVs, at least 28 of those are Code Injection related...https://t.

While Sophos hasn't yet said who it believes exploited the bug to target South Asian organizations, Chinese state-sponsored criminals were behind earlier attacks this year that involved a critical flaw in Sophos Firewall.

Just last week, Recorded Future published research on multiple campaigns it attributed to Beijing-linked crews, who were seen abusing a programming error in Sophos Firewall that the software vendor fixed in April.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/28/sophos_firewall_code_injection/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-09-23 CVE-2022-3236 Code Injection vulnerability in Sophos Firewall 19.0.1
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
network
low complexity
sophos CWE-94
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sophos 70 11 77 42 22 152