
A critical vulnerability in the Sophos Firewall User Portal and Webadmin allows hackers to execute malicious code remotely.
The vulnerability, tracked as CVE-2022-3236 with a CVSS score of 9.8, enables attackers to inject harmful code into the software. If exploited, it can result in a complete takeover of the system and data theft.
Sophos said that “vulnerable devices are running end-of-life (EOL) firmware. We immediately developed a patch for certain EOL firmware versions, which was automatically applied to the 99% of affected organizations that have ‘accept hotfix’ turned on.”
Sophos Firewall v19.0 MR1 and older, which was released in 2022, is now outdated. As a result, the firmware on every vulnerable device has reached end-of-life, and no updates will be released for it.
According to Sophos, the vulnerability has been exploited to target a specific group of companies, mostly located in South Asia.
Organizations should secure their User Portal and Webadmin by ensuring that neither is exposed to the Wide Area Network (WAN).
For remote access and management, it is advisable to use either VPN or Sophos Central. In line with device access best practices, Sophos recommends disabling WAN access to the User Portal and Webadmin.
It is crucial for organizations to stay vigilant and take necessary measures to protect their systems and data from potential attacks.