December 9, 2023

Sophos has patched a crucial vulnerability in its Sophos Firewall product that enables distant code execution (RCE). Tracked as CVE-2022-1040 with CVSS score of 9.8, the authentication bypass vulnerability exists within the Consumer Portal and Webadmin areas of Sophos Firewall impacting 18.5 MR3(18.5.3) and earlier versions

There isn’t a motion required for Sophos Firewall clients with the ‘Enable automated set up of hotfixes’ function enabled. Enabled is the default setting. Clients can defend themselves from exterior attackers by guaranteeing their Consumer Portal and Webadmin aren’t uncovered to WAN.

Sophos Advisory

The safety advisory nevertheless implies that some older variations and end-of-life merchandise could should be actioned manually.


As a common workaround towards the vulnerability, the corporate advises clients to safe their Consumer Portal and Webadmin interfaces

Disable WAN entry to the Consumer Portal and Webadmin by following system entry finest practices and as an alternative use VPN and/or Sophos Central for distant entry and administration.

Sophos had additionally resolved two ‘Excessive’ severity vulnerabilities (CVE-2022-0386 and CVE-2022-0652) impacting the Sophos UTM (Unified Risk Administration) home equipment.

Sophos Firewall customers are subsequently suggested to verify their merchandise are up to date. The Sophos Help web site explains find out how to allow automated hotfix set up and to confirm if the hotfix for CVE-2022-1040  efficiently reached your product.


As soon as automated hotfix set up is enabled, Sophos Firewall checks for hotfixes each thirty minutes and after any restart.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.