sophos-firewall-vulnerability

Analysis

On 23rd September Sophos published an article regarding its actively exploited critical vulnerability in a wild. It was reported that one of the undisclosed customers of Sophos faced exploitation of code injection vulnerability in the user portal and web admin of Sophos firewall.

With the successful exploitation of the vulnerability, the malicious actor can execute remote code and can gain further access to the system. After the discovery of this vulnerability, Sophos issued a temporary fix advisory for this vulnerability and later released a patch.

The vulnerability was classified as CVE-2022-3236 in Common Vulnerability and exposures vulnerability database, which has a severity of “Critical” and a vulnerability score of 9.8 as per CVSS v3.1(Common vulnerability scoring system).

CVSS v3.1: 9.8 (Critical)

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

Confidentiality: High

Integrity: High

Availability: High

Prevention

  • Disable Wide area network access to the User Portal and Web admin for the firewall.
  • Enable “Allow automatic installation of hotfixes”
  • Update to the latest versions v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), and v19.5 GA.

References

NIST-National Vulnerability Database

Sophos

 

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at susan@positka.com.