
Sophos zero-day under attack

Updated on 2022-09-24: Sophos Releases Patch and Workaround for Zero-Day Code Injection Flaw in Sophos Firewall

Sophos has released a fix for a code injection vulnerability in the User Portal and Webadmin components of Sophos Firewall. The flaw is being actively exploited. Customers who have enabled the “allow automatic installation of hotfixes” feature do not need to take action. The flaw affects Sophos Firewall v19.0 MR1 [19.0.1] and older. Sophos has also suggested disabling WAN access to the vulnerable components as a workaround.

Note

  • My usual advice applies: Patch, but also make sure that you are not exposing these web-based admin interfaces to the world. I doubt that this will be the last vulnerability to be found in a web-based firewall/router/VPN admin interface.
  • This flaw is noted in the CISA KEV catalog. You have until Oct 14th to fix it. The flaws are in the User Portal and Webadmin services. A workaround is to not expose these services to the Internet. You need to do both: don’t expose those to the WAN and apply the update.
  • In this case “allow” is the safe choice and should be the default. We simply have not seen sufficient cases where updates have caused problems to justify the alternative.

Overview

Sophos fixed a zero-day vulnerability (CVE-2022-3236) in its enterprise firewall product that was actively exploited across the South Asia region. The security vendor described the issue as a code injection vulnerability that can allow remote code execution via the firewall’s web interface. The company released a firmware patch and promised to publish a thorough report as it investigates the ongoing attacks. Read more: Resolved RCE in Sophos Firewall (CVE-2022-3236)
