September 22, 2023

Sophos last year patched a remote code execution flaw affecting the web administration console (WebAdmin) of SG UTM devices. The issue, tracked as CVE-2020-25223, was reported and fixed with the release of SG UTM v9.705 MR5, v9.607 MR7, and v9.511 MR11.

It appears that not all Sophos customers have patched their devices. Still customer’s UTM devices had been running a vulnerable version of the software.

Last week, the researchers published a blog post detailing how CVE-2020-25223 can be exploited by a remote, unauthenticated attacker for arbitrary code execution with root privileges on a Sophos appliance.

In order to exploit CVE-2020-25223, all an attacker needs to do is send a single HTTP request. If the WebAdmin interface is exposed to the internet, it may be possible for an attacker to exploit the vulnerability directly from the web.

Shodan search engine identified over 3,100 systems that appear to expose the WebAdmin interface, but it’s unclear how many of them are actually vulnerable.

Sophos said, “The additional detail in the blog raises awareness about how important it is for organizations to constantly update and patch their software. The emphasis we want underscore is that updating, and patching is a critical security best practice that organizations of all sizes need to build into their ongoing maintenance routines.”

Tags:

Leave a Reply

You may have missed

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023
%d bloggers like this: