Attackers abuse web security flaw in Sophos Firewall

A recently resolved vulnerability in Sophos Firewall has been abused by attackers in targeted attacks, the vendor warns.

The critical vulnerability (CVE-2022-3236) poses a remote code execution (RCE) risk.

Sophos Firewall v19.0 MR1 (19.0.1) and older are potentially vulnerable to the security bug in the User Portal and Webadmin of Sophos Firewall.

In a security advisory published on Friday (September 23), Sophos said that it has issued a patch that installs automatically in default installations of its firewall technology.

This is just as well given the vulnerability has already featured in attacks in the wild.

“Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the vendor’s advisory said. “We have informed each of these organizations directly.

“Sophos will provide further details as we continue to investigate,” it added.

Short of applying a patch, the vulnerability might be mitigated by disabling WAN access to the User Portal and Webadmin, Sophos advises.

The Daily Swig asked Sophos to explain in what ways the vulnerability has been exploited and how the problem was discovered.

In response, Sophos said it was alerted about the zero-day vulnerability by one of its customers. The vendor went on to reiterate that few of its customers were affected by the problem – without saying what issues they may have faced:

“A customer notified Sophos, at which time Sophos took immediate steps to issue a hotfix, which was already applied last week. This only affected an extremely small subset of organizations.”

The vulnerability is noteworthy since it represents a web security flaw in a network security product.

One infosec observer warned that the flaw is of the type that might lend itself to widespread abuse.

“This has a HIGH chance of mass exploitation, given the vulnerability is based on Code Injection (CWE-94) and if we look at the #CISA KEVs, at least 28 of those are Code Injection related,” said threat researcher Immanuel Chavoya in a post about the vulnerability on Twitter.

Source: https://portswigger.net/daily-swig/attackers-abuse-web-security-flaw-in-sophos-firewall
