Web security flaw in Sophos Firewall patched
A recently resolved vulnerability in Sophos Firewall has been abused by attackers in targeted attacks, the vendor warns.
The critical vulnerability (CVE-2022-3236) poses a remote code execution (RCE) risk.
Sophos Firewall v19.0 MR1 (19.0.1) and older are potentially vulnerable to the security bug in the User Portal and Webadmin of Sophos Firewall.
In a security advisory published on Friday (September 23), Sophos said that it has issued a patch that installs automatically in default installations of its firewall technology.
This is just as well given the vulnerability has already featured in attacks in the wild.
“Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the vendor’s advisory said. “We have informed each of these organizations directly.
“Sophos will provide further details as we continue to investigate,” it added.
Short of applying a patch, the vulnerability might be mitigated by disabling WAN access to the User Portal and Webadmin, Sophos advises.
The Daily Swig asked Sophos to explain in what ways the vulnerability has been exploited and how the problem was discovered.
In response, Sophos said it was alerted about the zero-day vulnerability by one of its customers. The vendor went on to reiterate that few of its customers were affected by the problem – without saying what issues they may have faced:
A customer notified Sophos, at which time Sophos took immediate steps to issue a hotfix, which was already applied last week. This only affected an extremely small subset of organizations.
The vulnerability is noteworthy since it represents a web security flaw in a network security product.
One infosec observer warned that the flaw is of the type that might lend itself to widespread abuse.
“This has a HIGH chance of mass exploitation, given the vulnerability is based on Code Injection (CWE-94) and if we look at the #CISA KEVs, at least 28 of those are Code Injection related,” said threat researcher Immanuel Chavoya in a post about the vulnerability on Twitter.
Resource : https://portswigger.net/daily-swig/web-security-flaw-in-sophos-firewall-patched
I couldn’t refrain from commenting. Perfectly written!
I was curious if you ever thought of changing the page layout of
your blog? Its very well written; I love what youve got to
say. But maybe you could a little more in the way of content
so people could connect with it better. Youve got an awful lot of text for only having one or 2 pictures.
Maybe you could space it out better?
Thanks for your comment.
That is a great tip particularly to those new to the blogosphere.
Short but very precise information… Many thanks for sharing this one.
A must read post!
Thanks for your comment
Incredible! This blog looks just like my old one!
It’s on a completely different topic but it has pretty much the same layout and design.
Wonderful choice of colors!
Thanks for your comment.