Sophos Fixes Critical Remote Code Execution Flaw in Firewall Products
Sophos has released an emergency hotfix for a critical security flaw in its firewall product line. In its security advisory the company explained that the vulnerability, tracked as CVE-2022-1040, can be exploited remotely to achieve remote code execution (RCE) on an affected firewall.
According to Sophos, the vulnerability was discovered by an external security researcher and reported through the company's bug bounty program. The root cause is an authentication bypass in the User Portal and Webadmin web interfaces of Sophos Firewall; an attacker who reaches either interface can bypass authentication and run code on the appliance. The flaw carries a Common Vulnerability Scoring System (CVSS) score of 9.8 and affects Sophos Firewall v18.5 MR3 (18.5.3) and older.
Sophos has already delivered the fix as a hotfix that is installed automatically on firewalls with the "Allow automatic installation of hotfixes" feature enabled. Customers running older, no longer supported versions do not receive hotfixes and should upgrade to a supported version to obtain the fix. Because a hotfix does not change the firewall's version number, administrators should verify that the hotfix has actually been applied rather than relying on the version string alone.
“There is no action required for Sophos Firewall customers with the ‘Allow automatic installation of hotfixes’ feature enabled. Enabled is the default setting,” Sophos explained in its security advisory.
Sophos suggests a workaround to prevent remote code execution attacks
Sophos also suggested a workaround for customers who want to block exploitation attempts against the User Portal and Webadmin until the hotfix is confirmed. Since the bug is reachable only through those two web interfaces, the company recommends that organizations disable wide area network (WAN) access to them and instead use a virtual private network (VPN) or Sophos Central for remote access and management. Note that this reduces exposure to external attackers only; the interfaces remain reachable, and the flaw still present, from any network that can still connect to them.
“Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN. Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management,” Sophos added.
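The two checks a practitioner would want after reading the advisory above are (1) whether a firewall's reported version falls inside the affected range (18.5 MR3 / 18.5.3 and older) and (2) whether the User Portal and Webadmin are actually reachable from the WAN side, which is the exposure the workaround removes. The script below is an added example written for this article, not Sophos code. It assumes the Sophos default ports of TCP/4444 for Webadmin and TCP/443 for the User Portal (change them if your appliance uses custom ports), and it assumes version strings in the common spellings "18.5.3", "18.5 MR3" or "SFOS 18.5.3 MR-3-Build408". For an offline run it probes a constructed loopback listener standing in for an exposed interface; in practice you would point it at the firewall's WAN address from a host outside the network.

```python
"""Added example (not Sophos code): triage helpers for CVE-2022-1040.

Two checks worth running after reading the advisory:
  1. is_in_affected_range(): is the reported SFOS version 18.5 MR3 (18.5.3) or older?
  2. check_wan_exposure(): are Webadmin / User Portal reachable on the WAN side?

Assumptions (not stated in the article): Webadmin listens on TCP/4444 and the
User Portal on TCP/443 by default. A version inside the affected range does NOT
prove the device is vulnerable: the fix shipped as a hotfix that leaves the
version number unchanged, so use the version check only as triage.
"""
import re
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

LAST_AFFECTED = (18, 5, 3)  # 18.5 MR3 is the same release as 18.5.3
DEFAULT_MGMT_PORTS = {4444: "Webadmin", 443: "User Portal"}  # assumed Sophos defaults


def parse_sfos_version(text):
    """Return (major, minor, maintenance) from common SFOS version spellings."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    maint = int(m.group(3)) if m.group(3) is not None else 0
    if m.group(3) is None:
        # "18.5 MR3" style: the maintenance release number follows "MR".
        mr = re.search(r"MR-?(\d+)", text, re.IGNORECASE)
        if mr:
            maint = int(mr.group(1))
    return (major, minor, maint)


def is_in_affected_range(text):
    """True if the version is 18.5.3 or older, i.e. inside the advisory's range."""
    return parse_sfos_version(text) <= LAST_AFFECTED


def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_wan_exposure(host, ports=DEFAULT_MGMT_PORTS, timeout=2.0):
    """Probe the management ports and return {port: name} for those that answer.

    Run this from a host on the WAN side of the firewall; a probe from the LAN
    says nothing about WAN exposure.
    """
    with ThreadPoolExecutor(max_workers=len(ports)) as pool:
        results = list(pool.map(lambda p: (p, tcp_open(host, p, timeout)), ports))
    return {p: ports[p] for p, is_open in results if is_open}


def start_demo_listener():
    """Constructed stand-in for an exposed interface: a loopback TCP listener."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # listener closed
                return

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def unused_loopback_port():
    """Pick a loopback port nothing is listening on (stand-in for a closed port)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_demo_listener()
    closed_port = unused_loopback_port()
    demo_ports = {open_port: "Webadmin (demo)", closed_port: "User Portal (demo)"}
    print("exposed:", check_wan_exposure("127.0.0.1", demo_ports))
    for v in ["18.5.3", "18.5 MR3", "SFOS 18.5.3 MR-3-Build408", "18.5 MR4", "19.0.0"]:
        verdict = "inside" if is_in_affected_range(v) else "outside"
        print(f"{v}: {verdict} the affected range")
    srv.close()
```

An empty result from `check_wan_exposure()` against the firewall's public address means the workaround is in place; any port that answers is still exposed and should be closed in the device access settings, regardless of whether the hotfix has landed.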
In addition to this remote code execution vulnerability, Sophos patched two high severity security flaws in the Sophos UTM threat management appliance. The first (CVE-2022-0386) is a post-authentication SQL injection vulnerability, so it requires valid credentials to exploit. The second, tracked as CVE-2022-0652, is an insecure access permissions bug.