Sophos Firewall Remote Code Execution Vulnerability

Last Update Date: 27 Sep 2022 Release Date: 26 Sep 2022 7449 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in Sophos Firewall. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note: Sophos stated that the vulnerability CVE-2022-3236 within the Sophos Firewall firmware was used to target a small subset of organisations.

Impact

  • Remote Code Execution

System / Technologies affected

  • Sophos Firewall version prior to v19.0 MR1 (19.0.1)

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

 

Note: There is no action required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.

Vulnerability Identifier

Source

Related Link

Related Tags

SophosRemote Code ExecutionExploit In The Wild

Share with

Previous

Mozilla Firefox Multiple Vulnerabilities

21 Sep 2022 6395 Views

Next

Google Chrome Multiple Vulnerabilities

28 Sep 2022 5545 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY