Sophos has released patches to address vulnerabilities in Sophos Firewall version 19.5, including arbitrary code execution bugs.
The most severe issue addressed is a critical code injection vulnerability tracked as CVE-2022-3236, which was discovered in the User Portal and Webadmin.
Earlier this year, Sophos warned that this critical code injection vulnerability (CVE-2022-3236) affecting its Firewall product was being exploited in the wild. Sophos confirmed that this vulnerability was being used to target a small set of specific organizations, primarily in the South Asia region.
Overall, Sophos addressed the following issues:
- CVE-2022-3226 – An OS command injection vulnerability allowing admins to execute code via SSL VPN configuration uploads was discovered by Sophos during internal security testing.
- CVE-2022-3713 – A code injection vulnerability allowing adjacent attackers to execute code in the Wifi controller was discovered by Sophos during internal security testing. It requires attackers to be connected to an interface with the Wireless Protection service enabled.
- CVE-2022-3696 – A post-auth code injection vulnerability allowing admins to execute code in Webadmin was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program.
- Two medium-severity issues: a stored XSS vulnerability (CVE-2022-3709) and a post-auth read-only SQL injection flaw (CVE-2022-3711).
- One low-severity flaw, CVE-2022-3710 – A post-auth read-only SQL injection vulnerability.
It's recommended to apply these patches wherever applicable.