Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

Cybersecurity business Sophos on Monday warned that a a short while ago patched critical security vulnerability in its firewall product or service is getting actively exploited in actual-environment attacks.

The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring process and impacts Sophos Firewall variations 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the Person Portal and Webadmin interface that, if correctly weaponized, makes it possible for a distant attacker to execute arbitrary code.

✔ Approved From Our Partners

Protect and backup your data using AOMEI Backupper. AOMEI Backupper take secure and enxrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized seller: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code

“Sophos has noticed this vulnerability staying employed to concentrate on a little set of certain businesses generally in the South Asia location,” the business pointed out in a revised advisory released Monday. “We have informed every of these businesses straight.”

The flaw has been tackled in a hotfix that’s routinely installed for clients who have the “Permit automated installation of hotfixes” location enabled. As a workaround, Sophos is recommending that consumers disable WAN entry to the Person Portal and Webadmin interfaces.

Furthermore, the British security software package enterprise has delivered for end-of-lifetime unsupported versions 17.5 MR12 by means of MR15, 18. MR3 and MR4, and 18.5 GA, indicative of the severity of the issue.

“Users of more mature versions of Sophos Firewall are demanded to improve to acquire the latest protections and this fix,” Sophos mentioned.

Observed this write-up exciting? Stick to THN on Fb, Twitter  and LinkedIn to examine far more exclusive information we article.