
Critical Sophos Firewall vulnerability allows remote code execution

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE).

Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.

RCE bug in web administration console

On Friday, Sophos disclosed a critical remote code execution vulnerability affecting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier, for which the company has released hotfixes.

Assigned CVE-2022-1040 with a 9.8 CVSS score, the vulnerability allows a remote attacker who can access the Firewall’s User Portal or Webadmin interface to bypass authentication and execute arbitrary code.

Sophos Firewall User Portal interface (Sophos Community)

The vulnerability was responsibly reported to Sophos by an unnamed external security researcher via the company’s bug bounty program.

To address the flaw, Sophos released hotfixes that should, by default, reach most instances automatically.

“There is no action required for Sophos Firewall customers with the ‘Allow automatic installation of hotfixes’ feature enabled. Enabled is the default setting,” explains Sophos in its security advisory.

The security advisory, however, implies that some older versions and end-of-life products may need to be addressed manually.

As a general workaround against the vulnerability, the company advises customers to secure their User Portal and Webadmin interfaces:

“Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN,” reads the advisory.

“Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.”

Earlier this week, Sophos had also resolved two ‘High’ severity vulnerabilities (CVE-2022-0386 and CVE-2022-0652) impacting the Sophos UTM (Unified Threat Management) appliances.

Sophos Firewall bugs previously exploited by attackers

It remains crucial to ensure your Sophos Firewall instances receive the latest security patches and hotfixes in a timely manner, given that attackers have targeted vulnerable Sophos Firewall instances in the past.

In early 2020, Sophos fixed a zero-day SQL injection vulnerability in its XG Firewall following reports that hackers were actively exploiting it in attacks.

Starting April 2020, threat actors behind the Asnarök trojan malware exploited the zero-day to try to steal firewall usernames and hashed passwords from vulnerable XG Firewall instances.

The same zero-day had also been exploited by hackers attempting to deliver Ragnarok ransomware payloads onto companies’ Windows systems.


Sophos Firewall users are therefore advised to make sure their products are updated. The Sophos Support website explains how to enable automatic hotfix installation and how to verify whether the hotfix for CVE-2022-1040 successfully reached your product.

Once automatic hotfix installation is enabled, Sophos Firewall checks for hotfixes every thirty minutes and after any restart.

Source: https://www.bleepingcomputer.com/news/security/critical-sophos-firewall-vulnerability-allows-remote-code-execution/
