Critical Sophos Firewall vulnerability allows remote code execution


Level 18
Thread author
Top Poster
May 4, 2019
Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE).

Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.
On Friday, Sophos disclosed a critical remote code execution vulnerability impacting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier that the company released hotfixes for.


Level 16
Top Poster
Oct 13, 2019
Unfortunately this is the second time in 5 years that Sophos XG firewalls have had a fully remote exploitable vulnerability on their login page! I used to be a big fan of Sophos for offering home users the ability to run a legitimate enterprise firewall using a spare PC, but since they switched to XG (based off acquisition of CyberRoam) the quality has been going way down.

It’s hard to say anything good about a firewall that can be compromised via its login page. More than once. And for the exploit to be detected in the wild first. I’ll be decommissioning my last Sophos setup


Level 29
Top Poster
Sep 13, 2018


The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks.

As Sophos revealed almost one week ago, the CVE-2022-1040 bug enables attackers to bypass authentication via the User Portal or Webadmin interface and execute arbitrary code remotely.

Two days later, the cybersecurity vendor amended its security advisory, saying it alerted a small set of South Asian organizations targeted with CVE-2022-1040 exploits.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.