Technology
Web security weakness in Sophos Firewall patched
A recently resolved vulnerability in Sophos Firewall has been abused by attackers in targeted attacks, the vendor warns.
The critical vulnerability (CVE-2022-3236) poses a remote code execution (RCE) risk.
Sophos Firewall v19.0 MR1 (19.0.1) and older are potentially vulnerable to the security bug in the User Portal and Webadmin of Sophos Firewall.
In a security advisory published on Friday (September 23), Sophos said that it has issued a patch that installs automatically in default installations of its firewall technology.
This is just as well given the vulnerability has already featured in attacks in the wild.
“Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the vendor’s advisory said. “We have informed each of these organizations directly.
“Sophos will provide further details as we continue to investigate,” it added.
Short of applying a patch, the vulnerability might be mitigated by disabling WAN access to the User Portal and Webadmin, Sophos advises.
Daily Swig asked Sophos to explain in what ways the vulnerability has been exploited and how the problem was discovered.
In response, Sophos said it was alerted about the zero-day vulnerability by one of its customers. The vendor went on to reiterate that few of its customers were affected by the problem – without saying what issues they may have faced:
A customer notified Sophos, at which time Sophos took immediate steps to issue a hotfix, which was already applied last week. This only affected an extremely small subset of organizations.
The vulnerability is noteworthy since it represents a web security flaw in a network security product.
One infosec observer warned that the flaw is of the type that might lend itself to widespread abuse.
“This has a HIGH chance of mass exploitation, given the vulnerability is based on Code Injection (CWE-94) and if we look at the #CISA KEVs, at least 28 of those are Code Injection related,” said threat researcher Immanuel Chavoya in a post about the vulnerability on Twitter.
Skylar Grey – Everything I Need [LYRICS]
[Music] Diddy – Dirty Money – “Coming Home” Feat. Skylar Grey
Diddy – Dirty Money – “Coming Home” Feat. Skylar Grey [LYRICS]
[Music] African China – Amen
[Music] African China – Baba God
African China – Baba God [LYRICS]
Machine Gun Kelly (MGK) “Home” Feat X Ambassadors & Bebe Rexha [LYRICS]
Passenger – Let Her Go [LYRICS]
[Music] Eminem – “No Love” Feat. Lil Wayne
Eminem – “No Love” Feat. Lil Wayne [LYRICS]
[Music] Tatiana Manaois – Buzz Kill
Tatiana Manaois – Buzz Kill [LYRICS]
James Blunt – Goodbye My Lover [LYRICS]
Major Lazer – “Particula” Feat. Nasty C , Ice Prince, Patoranking & Jidenna [LYRICS]
James Blunt – You’re Beautiful [LYRICS]
Justin Timberlake – Mirrors [LYRICS]
[Music] Darey – “Pray For Me” feat. Soweto Gospel Choir
Eminem – “Love The Way You Lie” Feat. Rihanna [LYRICS]
Goldlink ft. Miguel – Got Friends [LYRICS]
Sia – I’m Still Here [LYRICS]
Yo Gotti ft. Nicki Minaj – Rake It Up [LYRICS]
Shane McMahon – Here Comes The Money [LYRICS]
Journey – Faithfully [LYRICS]
[Music] Journey – Faithfully
Eminem – Not Afraid [LYRICS]
[Music] Journey – Don’t Stop Believin’
Journey – Don’t Stop Believin’ [LYRICS]
21 Savage – Bank Account [LYRICS]
Demi Lovato – Sober [LYRICS]
Beyonce ft. Jay-Z – Apeshit [LYRICS]
Nasty C ft. ASAP Ferg – King [LYRICS]
Lil Wayne – Uproar [LYRICS]
Ed Sheeran – Perfect [LYRICS]
[Music] Mo’Hits All Star – Close To You
Lil Dicky ft. Chris Brown – Freaky Friday [LYRICS]
Michael Jackson – Stranger In Moscow [LYRICS]
[Music] Celine Dion – I Drove All Night
Celine Dion – I Drove All Night [LYRICS]
Tatiana Manaois – Hey Little Lady [LYRICS]
[Music] Tatiana Manaois – Live Better
[Music] Gnash Ft Olivia O’Brien – I Hate you, I Love you
[INSTRUMENTAL] John Legend – All Of Me
Alan Walker – Faded [INSTRUMENTAL]
[Video] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
[Instrumental] Wiz Khalifa – See You Again ft. Charlie Puth
[Music] Sapientdream – Pastlives
Salvation Ministry Choir – Amen [LYRICS]
[Music] Don Omar – Danza Kuduro (feat. Lucenzo)
[Music] The Chainsmokers – ‘Don’t Let Me Down’ Feat. Daya
Ladé – Adulthood Anthem (Adulthood Na Scam) [Lyrics]
[Music] Timbaland – Apologize ft. OneRepublic
[Music] Powfu – Death Bed (Coffee for Your Head) Feat. Beabadoobee
[Music] Wyclef Jean – “Sweetest Girl (Dollar Bill)” Feat. Akon, Lil Wayne, Niia
[Music] Zayn Malik – Entertainer
[Music] Wiz Khalifa – See You Again ft. Charlie Puth
[Music] Exalted Tribe (HICC) – We Dey Halla
[Music] Anna Kendrick – Cups (Pitch Perfect’s “When I’m Gone”)
[Music] Diddy – Dirty Money – “Coming Home” Feat. Skylar Grey
[Music] John Legend – Love Me Now
[Music] Right Said Fred – Stand Up (For the Champions)
[Music] Salvation Ministries Choir – Chioma Me Eh(Good God)
[Music] Celine Dion – If That’s What It Takes
Salvation Ministries Choir – Chioma Me Eh(Good God) [LYRICS]
[Music] P!nk – Try
[Music] Shaggy – Strength Of A Woman
[Music] Jaden Smith – Goku
[Music] Wiz Khalifa – See You Again (Remix) Feat Charlie Puth, Eminem, Tyga, & Chris Brown
[Music] R. Kelly – World’s Greatest
Magic! — Rude [LYRICS]
[Music] Journey – Don’t Stop Believin’
[Music] Justin Bieber – Love Me
[Music] Cardi B – Bartier Cardi ft. 21 Savage
[Music] Lionel Richie – Angel
[Music] Tyga ft. Offset – Taste
[Music] P!nk – “Just Give Me A Reason” Feat. Nate Ruess
[Music] BIG SHAQ – Man’s Not Hot
[Music] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
[Music] Shayne Ward – Breathless
[Music] Post Malone – Candy Paint
[Music] R Kelly – When A Woman Loves
-
Technology2 years agoVoIP Number: Everything You Need To Know
-
Music4 days ago[Music] Gnash Ft Olivia O’Brien – I Hate you, I Love you
-
Music1 day ago[INSTRUMENTAL] John Legend – All Of Me
-
Music5 days agoAlan Walker – Faded [INSTRUMENTAL]
-
Music2 days ago[Video] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
-
Music4 days ago[Instrumental] Wiz Khalifa – See You Again ft. Charlie Puth
-
Music1 week ago[Music] Akon – Sorry Blame It On Me
-
ANE Stories6 years ago[STORY] AMAKA THE LESBIAN (Complete Episodes)