Serious security flaw found in Sophos Firewall
Sophos has confirmed that Sophos Firewall contains a critical vulnerability that is being actively exploited in the wild, and is urging system administrators to apply the patch or workaround as soon as possible.
In its advisory, the company said the threat actor exploiting the flaw has been targeting a small number of specific organizations rather than scanning indiscriminately.
“Sophos has observed that this vulnerability is being used to attack a small number of specific organizations, mainly in the South Asia region,” Sophos said. “We have informed each of these organizations directly. Sophos will provide further details as we continue the investigation.”
Remote Code Execution
The vulnerability, tracked as CVE-2022-3236, was found in the User Portal and Webadmin and allows threat actors to execute code remotely. The company has already released a hotfix, which should be applied automatically for most users: automatic hotfix installation is enabled by default, so unless administrators have intentionally disabled it, their firewalls should already have received the fix.
Those who need to be extra careful are administrators who have disabled that feature, or who are running older versions of Sophos Firewall. The latter must first upgrade to a supported release, since the hotfix is only delivered to supported versions.
System administrators who cannot apply the patch right away can instead use the workaround, which ensures the User Portal and Webadmin are not exposed to the WAN.
“Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central (preferred) for remote access and management,” said Sophos.
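The workaround above only helps if it is actually in effect, and the usual mistake is checking from the LAN side, where the management interfaces are still meant to answer. The script below is an added example, not Sophos's own tooling or code from the original article: it probes the firewall's WAN address from the outside for the two services named in the advisory. It assumes the default ports, TCP 4444 for Webadmin and TCP 443 for the User Portal; both are configurable on the firewall, so adjust them if your deployment differs. A completed TCP handshake is treated as "exposed" even without confirming what answered, which is the conservative reading when the goal is no WAN-facing management at all.

```python
import socket
from typing import Dict, List

# Assumed defaults: Sophos Firewall serves Webadmin on TCP 4444 and the
# User Portal on TCP 443. Both can be changed on the device, so adjust
# this map if your firewall uses custom ports.
DEFAULT_SERVICES: Dict[str, int] = {"webadmin": 4444, "user_portal": 443}


def is_tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout.

    Refused, filtered and timed-out connections all count as "not reachable";
    a completed handshake means something is listening and the path is open.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_wan_exposure(wan_ip: str,
                       services: Dict[str, int] = DEFAULT_SERVICES,
                       timeout: float = 3.0) -> Dict[str, bool]:
    """Probe each management service on the firewall's WAN address.

    Maps service name -> True when the port answered a TCP connect.
    Run this from a host outside the WAN (not from the LAN side); a probe
    from inside says nothing about internet exposure.
    """
    return {name: is_tcp_reachable(wan_ip, port, timeout)
            for name, port in services.items()}


def exposed_services(results: Dict[str, bool]) -> List[str]:
    """Names of services still reachable, i.e. where the workaround is incomplete."""
    return sorted(name for name, reachable in results.items() if reachable)


if __name__ == "__main__":
    import sys
    # Usage: python check_exposure.py <firewall WAN IP>
    # 192.0.2.1 is an RFC 5737 documentation address used as a placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    results = check_wan_exposure(target)
    for name, reachable in results.items():
        state = "EXPOSED" if reachable else "closed"
        print(f"{name:12s} port {DEFAULT_SERVICES[name]:5d}: {state}")
    still_open = exposed_services(results)
    if still_open:
        print(f"WAN-facing management still reachable: {', '.join(still_open)}")
        sys.exit(1)
    print("Neither Webadmin nor the User Portal answers on the WAN address.")
```

Run it from a host on the internet side of the firewall, not from a LAN client or a VPN session that terminates on the firewall, and re-run after every change to the device access settings; a non-zero exit code means the exposure is still there.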
This is the third time this year that Sophos Firewall has made headlines for the wrong reasons. In April the company announced it had patched a flaw that let threat actors remotely execute arbitrary code, including malware, on devices running its firewall software, and in June it addressed CVE-2022-1040, an authentication bypass in the same User Portal and Webadmin that allowed arbitrary code execution.
Via: BleepingComputer