Zero-Day RCE Vulnerability in Sophos Firewall

Sophos Group plc, the British-based security software and hardware company, released a security advisory fixing a critical vulnerability.

On 23rd September 2022, Sophos stated that “A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. The vulnerability has been fixed.” The vulnerability is tracked as CVE-2022-3236 and has a CVSS score of 9.8. Affected versions are Sophos Firewall v19.0 MR1 (19.0.1) and older.

“Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the company said in the advisory.

Recommendations
  • Upgrade to the latest version to receive the latest protections and this fix.
  • Enable automatic update in the default firewall settings, so that Sophos will automatically install hotfixes on devices.
  • Ensure the admin and user interfaces (Webadmin and User Portal) are not exposed to external attackers by not exposing them to the wide area network (WAN).

Sources

https://thehackernews.com/2022/09/hackers-actively-exploiting-new-sophos.html

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce