Thousands of Sophos firewalls still vulnerable out there to hijacking
2023-01-18 23:30

More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers.

The flaw, CVE-2022-3236, had already been exploited as a zero-day when Sophos published a security advisory about the vulnerability in September 2022.

Sophos initially issued a hotfix for some versions of the firewall, and then released a formal update that squashed the bug in December 2022.

Despite that software update, "More than 99 percent of internet-facing Sophos Firewalls haven't upgraded to versions containing the official fix for CVE-2022-3236," according to VulnCheck researchers, who wrote their own proof-of-concept exploit and scanned internet-facing Sophos firewalls to determine how likely mass exploitation actually is.

This is very good news for the 4,000-plus boxes running vulnerable Sophos code.

"Most internet-facing Sophos Firewalls appear to have the login captcha enabled, which means, even at the most opportune times, this vulnerability was unlikely to have been successfully exploited at scale."


News URL

https://go.theregister.com/feed/www.theregister.com/2023/01/18/4000_buggy_sophos_firewalls/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1 | critical 9.8

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
network, low complexity, sophos, CWE-94

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sophos 70 11 77 42 22 152