June 7, 2023

Sophos has patched an actively exploited RCE vulnerability tracked as CVE-2022-3236 in its Firewall products. Also it communicated to the organization directly about the vulnerability.

CVE-2022-3236 is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall. If successfully exploited, it allows for RCE on the targeted vulnerable installation.

Advertisements

Sophos Firewall v19.0 MR1 (19.0.1) and older are affected. Sophos published hotfixes for a variety of them, and has included the fix in v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), and v19.5 GA.

The hotfixes have been pushed to customers with the “Allow automatic installation of hotfixes” feature enabled on remediated versions.

Customers who don’t have the featured enabled are advised to get the hotfix or to upgrade to a newer version. If fix is not possible, they can protect themselves from external attackers by disabling WAN access to the User Portal and Webadmin.

Advertisements

An alternative for remote access and management, they can use VPN and/or the Sophos Central cloud management platform.

This vulnerability has been added to CISA’s Known Exploited Vulnerabilities Catalog.

Tags:

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: