Sophos Firewall contains a high-severity vulnerability that is actively exploited in the wild, the company confirmed, urging system administrators to apply a patch or workaround as soon as possible.
In its advisory, the company said the attacker exploiting the vulnerability is going after a small set of chosen targets rather than scanning the internet indiscriminately.
“Sophos has observed that this vulnerability is being used to target a small group of specific organizations, mainly in the South Asia region,” said Sophos. “We informed each of these organizations directly. Sophos will provide further details as we continue with the investigation.”
Remote code execution
The vulnerability, tracked as CVE-2022-3236, is a code injection flaw in the User Portal and Webadmin interfaces of Sophos Firewall that allows an attacker to execute code remotely. Sophos has released a hotfix that installs automatically on supported versions: the "allow automatic installation of hotfixes" setting is enabled by default, so administrators who have not deliberately turned it off should already be protected, though they should still verify that the hotfix is present.
Those who need to pay close attention are administrators who have disabled automatic hotfix installation, and those running versions of Sophos Firewall too old to receive the hotfix. The latter must first upgrade to a supported version before the fix can be applied.
Administrators who cannot apply the hotfix right away have a workaround: make sure the User Portal and Webadmin are not reachable from the WAN.
“Disable WAN access to User Portal and Webadmin by following device access best practices, and use VPN and / or Sophos Central (preferred) for remote access and management instead,” said Sophos.
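The workaround only helps if the interfaces really are unreachable from the outside, so it is worth confirming from a host on the internet rather than from the LAN. The script below is an added illustration, not Sophos's own tooling: it attempts a TCP handshake to the firewall's WAN address on the documented default HTTPS ports for the User Portal (443) and Webadmin (4444); if your deployment uses custom ports, substitute them. A completed handshake means the service is exposed; a refused or timed-out connection means it is not (or is being filtered upstream).

```python
"""Check whether a Sophos Firewall's User Portal / Webadmin are reachable
from the outside.  Run from a host on the internet, against the WAN IP.
Added example for this article, not code from Sophos."""
import socket
import sys

# Documented default HTTPS ports; change these if your firewall uses others.
DEFAULT_PORTS = {443: "User Portal", 4444: "Webadmin"}


def is_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout.

    A completed handshake means something is listening and the path is open,
    i.e. the interface is exposed on that address.  Connection refused or a
    timeout means it is not reachable (closed, or filtered somewhere in between).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (OSError, socket.timeout):
        return False


def check_exposure(host: str, ports=DEFAULT_PORTS, timeout: float = 3.0) -> dict:
    """Map each port to True (exposed) or False (not reachable)."""
    return {port: is_reachable(host, port, timeout) for port in ports}


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <firewall-wan-ip>")
        return 2
    results = check_exposure(argv[1])
    exposed = False
    for port, is_open in results.items():
        label = DEFAULT_PORTS.get(port, "custom")
        print(f"{label} (tcp/{port}): {'EXPOSED' if is_open else 'not reachable'}")
        exposed |= is_open
    if exposed:
        print("Management interfaces are reachable from the WAN: apply the hotfix "
              "or disable WAN access to User Portal and Webadmin.")
    # Non-zero exit when exposed, so the check can gate a monitoring job.
    return 1 if exposed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A reachable port on its own does not prove the firewall is vulnerable, only that the attack surface the workaround is meant to remove is still present; a clean result from a single vantage point likewise does not cover every WAN interface or alias IP the firewall terminates, so run it against each of them.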
For at least the third time this year, Sophos Firewall has made headlines for the wrong reasons. In March the company hotfixed CVE-2022-1040, an authentication bypass in the same User Portal and Webadmin interfaces that allowed remote execution of arbitrary code and was likewise exploited against a small number of organizations, and in June that flaw was back in the news when details of its in-the-wild exploitation were published.
Source: BleepingComputer