Security News > 2023 > January > Over 4,000 Sophos Firewall devices vulnerable to RCE attacks
Over 4,000 Sophos Firewall devices exposed to Internet access are vulnerable to attacks targeting a critical remote code execution vulnerability.
Sophos disclosed this code injection flaw found in the User Portal and Webadmin of Sophos Firewall in September and also released hotfixes for multiple Sophos Firewall versions.
Sophos Firewall instances running older product versions had to be upgraded manually to a supported version to receive the CVE-2022-3236 hotfix automatically.
While scanning the Internet for Sophos Firewall devices, VulnCheck vulnerability researcher Jacob Baines found that out of more than 88,000 instances, around 6% or more than 4,000 are running versions that haven't received a hotfix and are vulnerable to CVE-2022-3236 attacks.
Sophos Firewall bugs previously targeted in attacks.
In March 2022, Sophos patched a similar critical Sophos Firewall bug in the User Portal and Webadmin modules that enabled authentication bypass and arbitrary code execution attacks.
News URL
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- 48,000+ internet-facing Fortinet firewalls still open to attack (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1 A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 9.8 |