- Sophos has fixed a zero-day vulnerability in its firewall product, rated CVSS 9.8, that is being actively exploited.
- The company stated that the vulnerability is being exploited to attack a small set of specific organizations, mostly in the South Asia region.
- Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN.
Security solutions provider Sophos has released a patch to fix a vulnerability found in its firewall product. The company noticed that attackers were exploiting the critical zero-day vulnerability to attack its customers’ networks. The vulnerability, tracked as CVE-2022-3236, has a CVSS score of 9.8.
Code injection vulnerability
According to the advisory published by Sophos, the code injection vulnerability allows remote code execution. The vulnerability, which is now fixed, was found in the User Portal and Webadmin of Sophos Firewall. Customers with the “Allow automatic installation of hotfixes” feature enabled don’t need to take any action.
The vulnerability is being used to attack a small set of specific organizations, mostly in the South Asia region. The company informed the affected organizations directly and will provide further details. According to the advisory, Sophos Firewall v19.0 MR1 (19.0.1) and older are affected by the vulnerability.
- Hotfixes for the following versions published on September 21, 2022:
  - v19.0 GA, MR1, and MR1-1
  - v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
- Hotfixes for the following versions published on September 23, 2022:
  - v18.0 MR3, MR4, MR5, and MR6
  - v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
  - v17.0 MR10
- Fix included in v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), and v19.5 GA
Users of older versions of Sophos Firewall are required to upgrade to receive the latest protections and the fix. Sophos also announced a workaround for the flaw: users can ensure that their User Portal and Webadmin are not exposed to WAN.