Home Latest Cyber Security News | Network Security Hacking Sophos Fixed A Critical RCE Vulnerability In Sophos Firewall

Sophos Fixed A Critical RCE Vulnerability In Sophos Firewall

by Abeerah Hashim
JetBrains patched vulnerability exposing GitHub access tokens via IntelliJ IDE GitHub plugin

Sophos has recently rolled out a significant update to its Firewall, addressing a critical vulnerability. Exploiting the bug could allow remote code execution attacks. Users are urged to update ASAP.

Sophos Firewall Vulnerability

The security firm Sophos has shared the details of a remote code execution vulnerability in a recent advisory.

As revealed, an external security researcher discovered the critical vulnerability affecting the User Portal and Webadmin of Sophos Firewall. Exploiting the bug could allow an authenticated user for remote code execution on target systems.

The vulnerability, identified as CVE-2022-1040, has received a critical severity rating, with a CVSS score of 9.8.

This vulnerability affected the Sophos Firewall v18.5 MR3 (18.5.3) and earlier. Upon discovering the bug, the researcher responsibly disclosed it to Sophos. Consequently, the firm patched the flaw with the release of Sophos Firewall v19.0 GA and v18.5 MR4 (18.5.4). Besides, Sophos also pushed a few hotfixes meanwhile to protect users’ devices.

Although, downloading the latest updates does not require manual input from the users. But users must ensure to have the “Allow automatic installation of hotfixes” setting enabled on their systems. Otherwise, manually updating the Firewall is necessary to get the bug fix.

In addition, Sophos has also shared a separate advisory for users to verify the implementation of hotfix on their systems.

While the vendors have patched the bug, they have also shared a workaround to mitigate the flaw for users who can’t manage to apply the updates. Specifically, Sophos recommends users disconnect User Portal and Webadmin from WAN to prevent external threats. As stated,

Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.

The service hasn’t shared any further details about the vulnerability, the researcher who reported the bug, and the bug bounty awarded for this report.

Let us know your thoughts in the comments.

You may also like