Security News > 2023 > January > Thousands of Sophos firewalls still vulnerable out there to hijacking
More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers.
The flaw, CVE-2022-3236, had already been exploited as a zero-day when Sophos published a security advisory about the vulnerability in September 2022.
Sophos initially issued a hotfix for some versions of the firewall, and then released an formal update that squashed the bug in December 2022.
Despite that software update "More than 99 percent of internet-facing Sophos Firewalls haven't upgraded to versions containing the official fix for CVE-2022-3236," according to VulnCheck researchers, who wrote their own proof-of-concept exploit and scanned internet-facing Sophos firewalls to determine how likely mass exploitation actually is.
This is very good news for the 4,000-plus boxes running vulnerable Sophos code.
"Most internet-facing Sophos Firewalls appear to have the login captcha enabled, which means, even at the most opportune times, this vulnerability was unlikely to have been successfully exploited at scale." .
News URL
https://go.theregister.com/feed/www.theregister.com/2023/01/18/4000_buggy_sophos_firewalls/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1 A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 9.8 |