Sophos Firewall Remote Code Execution Vulnerability
RISK: Extremely High Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in Sophos Firewall. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.
[Updated on 2022-03-30] CVE-2022-1040 is being exploited in the wild, and the risk level has accordingly been changed from medium risk to extremely high risk.
Impact
- Remote Code Execution
System / Technologies affected
- Sophos Firewall versions prior to v18.5 MR3 (18.5.3)
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Note: There is no action required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.
Vulnerability Identifier
Source
Related Link