Sophos Fixes Critical Remote Code Execution Flaw in Firewall Products
Sophos has released an emergency update to patch a critical security flaw in its firewall product line. The company explained in its security advisory that the vulnerability, tracked under CVE-2022-1040, when exploited could allow for remote code execution (RCE) on targeted machines.
According to Sophos, the vulnerability was discovered by an external security researcher and reported through the company's bug bounty program. Sophos attributes the flaw to an authentication bypass in the User Portal and Webadmin interfaces of Sophos Firewall. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 and affects Sophos Firewall v18.5 MR3 (18.5.3) and older.
Fortunately, Sophos has already rolled out an automatic update to patch the remote code execution vulnerability on systems with the “Automatic installation of hotfixes” feature enabled. However, the company recommends that all Sophos Firewall users who are still running older software versions should install the latest updates as soon as possible.
“There is no action required for Sophos Firewall customers with the ‘Allow automatic installation of hotfixes’ feature enabled. Enabled is the default setting,” Sophos explained in its security advisory.
Sophos suggests a workaround to prevent remote code execution attacks
Sophos also suggested a workaround for customers who want to block remote code execution attempts against the User Portal and Webadmin: disable wide area network (WAN) access to those interfaces and use a virtual private network (VPN) or Sophos Central for remote access and management instead.
“Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN. Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management,” Sophos added.
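As an added example (not code from Sophos or from the article), the helper below turns the advisory details reported here into an inventory triage: it parses Sophos Firewall version strings in both notations the article uses ("18.5 MR3" and "18.5.3"), flags builds at or below the affected cut-off, and applies the automatic-hotfix and WAN-exposure guidance. The version-notation handling and the inventory records are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Last affected release named in the advisory: Sophos Firewall v18.5 MR3 (18.5.3).
LAST_AFFECTED = (18, 5, 3)

# Accepts "v18.5 MR3", "18.5MR3", "18.5.3", "19.0", with an optional "(18.5.3)" suffix.
# Assumption: a bare "major.minor" is the initial release, i.e. maintenance release 0.
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)(?:\.(\d+)|\s*MR\s*(\d+))?(?:\s*\([^)]*\))?$", re.IGNORECASE
)


def parse_version(text):
    """Normalise a Sophos Firewall version string to a (major, minor, mr) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Sophos Firewall version: {text!r}")
    major, minor, dotted, mr = m.groups()
    return (int(major), int(minor), int(dotted or mr or 0))


def is_affected(version):
    """True when the build is 18.5 MR3 or older, as the advisory states."""
    return parse_version(version) <= LAST_AFFECTED


@dataclass
class Firewall:
    name: str
    version: str
    auto_hotfix: bool    # "Allow automatic installation of hotfixes" enabled
    portal_on_wan: bool  # User Portal or Webadmin reachable from the WAN side


def triage(fw):
    """Map one inventory record to the action the advisory implies."""
    if not is_affected(fw.version):
        return "not affected"
    if fw.auto_hotfix:
        return "no action required per advisory; confirm the hotfix landed"
    if fw.portal_on_wan:
        return "URGENT: install hotfix and disable WAN access to User Portal/Webadmin"
    return "install hotfix; management interfaces already off WAN"


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for fw in [Firewall("branch-fw", "v18.5 MR3", False, True),
               Firewall("hq-fw", "18.5.3", True, False),
               Firewall("lab-fw", "19.0", False, True)]:
        print(f"{fw.name}: {triage(fw)}")
```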
In addition to this remote code execution vulnerability, Sophos patched two high-severity security flaws in the Sophos UTM threat management appliance. The first (CVE-2022-0386) is a post-authentication SQL injection vulnerability; the second, tracked as CVE-2022-0652, concerns insecure access permissions.