A critical security vulnerability in Sophos Firewall was just disclosed.
CVE-2022-1040 Sophos Firewall Vulnerability
Tracked as CVE-2022-1040, the vulnerability is an authentication bypass in the User Portal and webadmin that could allow attackers to perform remote code execution attacks. Affected is Sophos Firewall version v18.5 MR3 and older.
According to the company’s advisory, the vulnerability has been reported via the Sophos bug bounty program by an external researcher. Fortunately, CVE-2022-1040 has been fixed, and a patch is available.
What should you do, if affected? As a Sophos Firewall customer, you are not required to perform any action, as long as the “Allow automatic installation of hotfixes” is enabled. This is the default setting.
It should be noted that the vulnerability has been used to target a small number of organizations primarily in the South Asia region. The organizations have been directly contacted by the company, with the promise to investigate further and provide more details when available.
As an additional workaround, customers can ensure that their User Portal and Webadmin are not exposed to WAN.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: