Critical Sophos Firewall vulnerability allows remote code execution

[correlate]

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
May 4, 2019
825
Content source
https://www.bleepingcomputer.com/news/security/critical-sophos-firewall-vulnerability-allows-remote-code-execution/
Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE).

Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.
On Friday, Sophos disclosed a critical remote code execution vulnerability impacting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier that the company released hotfixes for.
Click to expand...
www.bleepingcomputer.com

Critical Sophos Firewall vulnerability allows remote code execution

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
  • Thanks
Reactions: franz, peterfat11, dinosaur07 and 8 others
M

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
784
Unfortunately this is the second time in 5 years that Sophos XG firewalls have had a fully remote exploitable vulnerability on their login page! I used to be a big fan of Sophos for offering home users the ability to run a legitimate enterprise firewall using a spare PC, but since they switched to XG (based off acquisition of CyberRoam) the quality has been going way down.

It’s hard to say anything good about a firewall that can be compromised via its login page. More than once. And for the exploit to be detected in the wild first. I’ll be decommissioning my last Sophos setup
 
  • +Reputation
  • Like
Reactions: Venustus, plat, Gandalf_The_Grey and 1 other person
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
www.bleepingcomputer.com

CISA orders agencies to patch actively exploited Sophos firewall bug

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks.
www.bleepingcomputer.com www.bleepingcomputer.com

excerpt:

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks.

As Sophos revealed almost one week ago, the CVE-2022-1040 bug enables attackers to bypass authentication via the User Portal or Webadmin interface and execute arbitrary code remotely.

Two days later, the cybersecurity vendor amended its security advisory, saying it alerted a small set of South Asian organizations targeted with CVE-2022-1040 exploits.
 
  • Like
  • +Reputation
Reactions: Venustus, silversurfer, MacDefender and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
Security News D-Link says it is not fixing four RCE flaws in DIR-846W routers
Replies
0
Views
1,786
Security News
Gandalf_The_Grey
Gandalf_The_Grey
upnorth
    • Like
    • Wow
    • Thanks
More than 4,400 Sophos Firewall Servers remain vulnerable to critical exploits
Replies
0
Views
727
News Archive
upnorth
upnorth
Bot
Security News Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Replies
0
Views
685
Security News
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top