Get in Touch
Please get in touch using the form below.
Critical Sophos vulnerability allows Remote Code Execution
Overview
Sophos have published an update to deal with an authentication bypass vulnerability (CVE-2022-1040) in the User Portal and Web Admin interfaces.
Impact
A remote attacker could execute code allowing them to take control of the firewall.
Vulnerability Detection
Sophos have published instructions on how to verify the fix
Affected Products
Sophos Firewall v18.5 MR3 (18.5.3) and older.
Containment, Mitigations & Remediations
Sophos advise that customers with ‘Allow automatic installation of hotfixes’ enabled should automatically receive the fix.
To protect against remote attacks, network services should not be exposed to the internet unless absolutely required. Remote access can be controlled through the use of a VPN.
Indicators of Compromise
None listed.
Threat Landscape
Sophos report that this vulnerability has been used to target some organisations primarily in the South Asia region. Those customers have been notified. The vulnerability still remains to be classified, however Sophos are clearly worried about it as they have provided updates for a variety of different unsupported / end-of-life (EoL) devices, which also suggests that this vulnerability may have lain undetected for quite some period of time.
Mitre Methodologies
T1190 – Exploit Public-Facing Application