Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

Products You May Like

Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers’ network.

The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution.

The company said it “has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” adding it directly notified these entities.

CyberSecurity

As a workaround, Sophos is recommending that users take steps to ensure that the User Portal and Webadmin are not exposed to WAN. Alternatively, users can update to the latest supported version –

  • v19.5 GA
  • v19.0 MR2 (19.0.2)
  • v19.0 GA, MR1, and MR1-1
  • v18.5 MR5 (18.5.5)
  • v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
  • v18.0 MR3, MR4, MR5, and MR6
  • v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
  • v17.0 MR10

Users running older versions of Sophos Firewall are required to upgrade to receive the latest protections and the relevant fixes.

The development marks the second time a Sophos Firewall vulnerability has come under active attacks within a year. Earlier this March, another flaw (CVE-2022-1040) was used to target organizations in the South Asia region.

CyberSecurity

Then in June 2022, cybersecurity firm Volexity shared more details of the attack campaign, pinning the intrusions on a Chinese advanced persistent threat (APT) known as DriftingCloud.

Sophos firewall appliances have also previously come under attack to deploy what’s called the Asnarök trojan in an attempt to siphon sensitive information.

Cyber Security

Products You May Like

Articles You May Like

Vivo TWS 3, TWS 3 Pro With Up to 49 dB Active Noise Cancellation, Lossless Audio Support Launched
Sony Xperia 10 V May Feature a Snapdragon 6 Gen 1 SoC, More Specifications Leaked
U.K. Police Arrest 142 in Global Crackdown on ‘iSpoof’ Phone Spoofing Service
Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide
Twitter, Other Social Media Apps Fail to Remove Hate Speech, Says EU Review

Leave a Reply

Your email address will not be published. Required fields are marked *