EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices.
"In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall," the company shared on Monday by updating the original security advisory.
"No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. We immediately developed a patch for certain EOL firmware versions, which was automatically applied to the 99% of affected organizations that have 'accept hotfix' turned on. All the vulnerable devices are running end-of-life firmware."
CVE-2022-3236 is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall that allows for remote code execution on the targeted vulnerable installation.
V18.5 GA, MR1, MR1-1, MR2, MR3, and MR4. v17.0 MR10. Admins of EOL devices that don't have the "Accept hotfix" option turned on must download and apply the hotfix manually.
Just how many internet-facing, vulnerable EOL devices are still out there is difficult to say.
News URL
https://www.helpnetsecurity.com/2023/12/13/eol-sophos-firewalls-cve-2022-3236/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
---|---|---|---|
2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1: A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 9.8 |