Technology
Web security weakness in Sophos Firewall patched
A recently resolved vulnerability in Sophos Firewall has been abused by attackers in targeted attacks, the vendor warns.
The critical vulnerability (CVE-2022-3236) poses a remote code execution (RCE) risk.
Sophos Firewall v19.0 MR1 (19.0.1) and older are potentially vulnerable to the security bug in the User Portal and Webadmin of Sophos Firewall.
In a security advisory published on Friday (September 23), Sophos said that it has issued a patch that installs automatically in default installations of its firewall technology.
This is just as well given the vulnerability has already featured in attacks in the wild.
“Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the vendor’s advisory said. “We have informed each of these organizations directly.
“Sophos will provide further details as we continue to investigate,” it added.
Short of applying a patch, the vulnerability might be mitigated by disabling WAN access to the User Portal and Webadmin, Sophos advises.
Daily Swig asked Sophos to explain in what ways the vulnerability has been exploited and how the problem was discovered.
In response, Sophos said it was alerted about the zero-day vulnerability by one of its customers. The vendor went on to reiterate that few of its customers were affected by the problem – without saying what issues they may have faced:
A customer notified Sophos, at which time Sophos took immediate steps to issue a hotfix, which was already applied last week. This only affected an extremely small subset of organizations.
The vulnerability is noteworthy since it represents a web security flaw in a network security product.
One infosec observer warned that the flaw is of the type that might lend itself to widespread abuse.
“This has a HIGH chance of mass exploitation, given the vulnerability is based on Code Injection (CWE-94) and if we look at the #CISA KEVs, at least 28 of those are Code Injection related,” said threat researcher Immanuel Chavoya in a post about the vulnerability on Twitter.
[Music] Chief Oyerigha Echo Toikumoh – The Earlier The Better
Enzo Maresca and Mikel Arteta stated they will not take Pep Guardiola’s place at Manchester City
Alan Shearer reckons Liverpool star is ‘not going to get better’
NECO examiners threaten nationwide protest over unpaid entitlements
Jonathan congratulates Trump on historic election win
Peter Obi can become president in 2027 — Yunusa Tanko
Dua Lipa forced to cancel show after ‘unforeseen safety issues’
Uzoamaka Onuoha wins Best Female Performance in a feature at AFRIFF 2024
‘Phoenix Fury’ bags Best Film award at the 13th edition of AFRIFF
Vivo begins teasing new Dimensity 9400 flagships internationally
Google Pixel 11 and Pixel 11 Pro may trade performance gains for longer battery life
Manchester United players warned ‘only one is safe’ under Ruben Amorim
Austin DeAnda given impromptu makeover after he is forced to have haircut in the middle of fight
IG orders punishment for errant cops
Be ready to recover stolen mandate — Ighodalo tells PDP
No part of Ogun will be ceded under my watch — Dapo Abiodun
Ruger calls out auto tune and hype culture in music
I hate to play same role repeatedly — Actress Bimbo Akintola
Fans split on Davido, Wizkid, and Burna Boy’s Grammy nominations
Samsung Galaxy S25 Slim: Leaker reveals launch details for Samsung’s rival iPhone 17 Air
Realme names first smartphone to get Android 15 beta worldwide
England interim manager tipped for surprise Premier League job
Hakim Ziyech mocks Israeli supporters attacked in Amsterdam
Court jails seven for internet fraud in Kaduna
Edo APC criticizes Obaseki’s last-minute appointments
Edo PDP announces caretaker committee
Tems makes history after securing 3 nominations for the 67th Grammys
Beyoncé surpasses Jay-Z to become the most nominated artist in Grammy history
Davido, Wizkid, Tems, Asake make 2025 Grammy nominations
2025 GRAMMY: Academy unveils category changes ahead of nomination event
[STORY] THE PASTOR’S DAUGHTER (Final Episode 13)
[STORY] THE PASTOR’S DAUGHTER (Episode 12)
[STORY] THE PASTOR’S DAUGHTER (Episode 11)
[STORY] THE PASTOR’S DAUGHTER (Episode 10)
[STORY] THE PASTOR’S DAUGHTER (Episode 09)
[STORY] THE PASTOR’S DAUGHTER (Episode 08)
[STORY] THE PASTOR’S DAUGHTER (Episode 07)
[STORY] THE PASTOR’S DAUGHTER (Episode 06)
[STORY] THE PASTOR’S DAUGHTER (Episode 05)
[STORY] THE PASTOR’S DAUGHTER (Episode 04)
-
Technology2 years agoVoIP Number: Everything You Need To Know
-
Music2 weeks ago[Music] Gnash Ft Olivia O’Brien – I Hate you, I Love you
-
Music2 weeks ago[INSTRUMENTAL] John Legend – All Of Me
-
Music2 weeks agoAlan Walker – Faded [INSTRUMENTAL]
-
Music2 weeks ago[Video] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
-
Music2 weeks ago[Instrumental] Wiz Khalifa – See You Again ft. Charlie Puth
-
ANE Stories3 months ago[STORY] AMAKA THE LESBIAN (Complete Episodes)
-
Music3 weeks ago[Music] Akon – Sorry Blame It On Me