Sophos, a security software and hardware vendor, published a patch update for its firewall product after it identified that hackers were exploiting a new critical zero-day vulnerability to target its users’ networks.
The vulnerability, tracked as CVE-2022-3236, was spotted in the User Portal and Webadmin of Sophos Firewall; its exploitation can lead to remote code execution (RCE).
“A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. The vulnerability has been fixed,” the company stated. “Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region. We have informed each of these organizations directly. Sophos will provide further details as we continue to investigate.”
The company says it has released hotfixes for the Sophos Firewall versions affected by this security bug (v19.0 MR1 (19.0.1) and older). The hotfixes will roll out automatically to all instances, since automatic updates are enabled by default.
In addition to fixing the vulnerability with the hotfixes released for Firewall v19.0 MR1 (19.0.1) and older, the firm offered a workaround: it advised customers not to expose the User Portal and Webadmin to the WAN, and to disable WAN access to both. The company also recommended employing VPN and/or Sophos Central (preferred) for remote access and management.