Sophos backports RCE fix after attacks on unsupported firewalls

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.
Although the vendor automatically rolled out the hotfix to appliances set to auto-accept security updates, by January 2023, over 4,000 internet-exposed appliances remained vulnerable to attacks.
"In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall," reads the updated security bulletin.
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
- 48,000+ internet-facing Fortinet firewalls still open to attack
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)
- Critical RCE bug in Microsoft Outlook now exploited in attacks
- Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
- SonicWall firewall bug leveraged in attacks after PoC exploit release
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1: A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 9.8