Sophos fixes SQL injection vulnerability in UTM appliance

Sophos has resolved a severe vulnerability in the software running on its all-in-one Universal Threat Management (UTM) appliances.

A post-authentication SQL injection vulnerability in the Mail Manager component of the appliance meant that an attacker who had already authenticated could run hostile code on a Sophos UTM appliance.
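The flaw class described above is easiest to see with a small defender-side illustration. The following is an added example written for this page, not Sophos UTM code: an in-memory SQLite table standing in for a mail-quarantine store (table name, columns and rows are constructed), a search function that concatenates the user-supplied search term into the SQL text, and the hardened version that uses bound parameters. The point is the "post-authentication" part: the `user` value comes from an already authenticated session, and authentication alone does nothing to stop the injected `term`.

```python
import sqlite3


def build_db():
    """Constructed stand-in for a quarantine/mail-log table (not a real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE mail (id INTEGER PRIMARY KEY, owner TEXT, subject TEXT)"
    )
    conn.executemany(
        "INSERT INTO mail(owner, subject) VALUES (?, ?)",
        [
            ("alice@example.test", "quarterly report"),
            ("alice@example.test", "lunch"),
            ("bob@example.test", "invoice 1234"),
        ],
    )
    return conn


def search_vulnerable(conn, user, term):
    """BAD: the caller-controlled 'term' is spliced into the SQL text.

    'user' is the authenticated account taken from the session, so the
    query is only ever run by a logged-in user, yet 'term' still rewrites
    the WHERE clause and can return other users' rows.
    """
    sql = (
        "SELECT subject FROM mail WHERE owner = '" + user
        + "' AND subject LIKE '%" + term + "%'"
    )
    return [row[0] for row in conn.execute(sql)]


def search_hardened(conn, user, term):
    """GOOD: placeholders; the driver sends values separately from SQL text.

    The LIKE wildcard is added to the bound value, never to the query string,
    so the database treats 'term' purely as data.
    """
    sql = "SELECT subject FROM mail WHERE owner = ? AND subject LIKE ?"
    return [row[0] for row in conn.execute(sql, (user, "%" + term + "%"))]


if __name__ == "__main__":
    db = build_db()
    benign = "report"
    hostile = "' OR 1=1 --"  # classic tautology used only to show the difference
    print("vulnerable, benign :", search_vulnerable(db, "alice@example.test", benign))
    print("vulnerable, hostile:", search_vulnerable(db, "alice@example.test", hostile))
    print("hardened,   benign :", search_hardened(db, "alice@example.test", benign))
    print("hardened,   hostile:", search_hardened(db, "alice@example.test", hostile))
```

With the benign term both versions return Alice's one matching subject; with the hostile term the concatenating version returns every row in the table, including Bob's, while the parameterized version returns nothing because no subject literally contains that string. Code review or static analysis that flags string-built SQL in authenticated handlers catches this class before a release does.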

The vulnerability (CVE-2022-0386), discovered by Sophos during internal security testing, can be resolved by updating to version 9.710 of the software, released earlier this month.

In a security update, Sophos states that “users of older versions of Sophos UTM are required to upgrade to receive this fix”.

The same update also removes an obsolete SSL VPN client, as well as addressing a lesser and unrelated security vulnerability – tracked as CVE-2022-0652 – that resulted in password hashes being written into system log files.

Although not directly exploitable, these password hashes were left in locations where they could be harvested and then attacked offline by brute-force password guessing.
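A practical check for the second issue is to scan log output for crypt-style password hashes before it is shipped or archived, and to redact them at the logging layer. The example below is added here and is not a Sophos tool or rule: the regular expression is a constructed heuristic for modular-crypt-format hashes (the `$1$`, `$5$`, `$6$` and bcrypt `$2a$`/`$2b$`/`$2y$` prefixes), and the sample log lines, user names and hash values are all made up for the demonstration.

```python
import re

# Constructed heuristic: modular-crypt-format hashes start with a "$id$"
# prefix followed by salt/rounds/digest characters. Not an exhaustive rule.
HASH_RE = re.compile(r"(?P<hash>\$(?:1|5|6|2a|2b|2y)\$[A-Za-z0-9./$=]{8,})")

# Constructed sample log lines (timestamps, users and hashes are fabricated).
SAMPLE_LOG = [
    "2022-03-01T10:00:00 webadmin: login ok user=admin from=10.0.0.5",
    "2022-03-01T10:00:07 confd: update user=admin "
    "password=$6$rounds=5000$abcdefgh$0123456789abcdefghijklmnopqrstuvwxyz",
    "2022-03-01T10:00:09 confd: update user=svc "
    "pw=$2b$12$C6UzMDM.H6dfI/f/IKxGhuBYVLZC2sA1G3yIvZvEAwf6e3jyuLl0m",
    "2022-03-01T10:01:00 smtpd: connection from 198.51.100.20",
]


def find_hash_leaks(lines):
    """Return (line_number, hash_prefix) for every crypt-style hash found.

    Only the prefix (e.g. "$6$") is reported so that the detector itself
    never re-emits the secret it found.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in HASH_RE.finditer(line):
            prefix = match.group("hash").split("$")[1]
            hits.append((number, "$" + prefix + "$"))
    return hits


def redact(line):
    """Replace any crypt-style hash in a log line with a fixed marker."""
    return HASH_RE.sub("[REDACTED-HASH]", line)


if __name__ == "__main__":
    for number, prefix in find_hash_leaks(SAMPLE_LOG):
        print(f"line {number}: {prefix} hash written to log")
    for line in SAMPLE_LOG:
        print(redact(line))
```

Run against the sample, the detector reports a `$6$` hash on line 2 and a `$2b$` hash on line 3, and `redact` rewrites only those two lines. In production the same substitution belongs in a log filter (a `logging.Filter` in Python, or the equivalent in whatever logging stack the appliance uses) so that hashes never reach disk in the first place, with the scanner kept as a periodic audit of existing files.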

UTM devices bundle a variety of security functions into a single appliance that typically includes a network firewall, intrusion prevention, gateway antivirus, web proxy technology, and other security functions.

Such devices are touted for ease of management, but they do bring with them the disadvantage of creating a single point of failure.

Source: https://portswigger.net/daily-swig/sophos-fixes-sql-injection-vulnerability-in-utm-appliance
