Connect with us

Hi, what are you looking for?



Sophos Patches EOL Firewalls Against Exploited Vulnerability

Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit.

UK-based cybersecurity firm Sophos this week announced patches for an exploited vulnerability in Firewall versions that have reached End-of-Life (EOL).

The critical-severity flaw, tracked as CVE-2022-3236, was found to impact versions 19.0 MR1 (19.0.1) and older of the product. It was originally patched in September 2022, but only in supported versions of Sophos Firewall.

Sophos describes the security defect as a code injection issue in the Firewall’s User Portal and Webadmin components, allowing attackers to achieve remote code execution (RCE).

This week, the cybersecurity firm updated its advisory to warn of a new in-the-wild exploit targeting the bug, and to draw attention to fixes it has released for older, EOL product versions.

“In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall,” the company says.

Organizations that have updated their instances to a supported version after September 2022 are protected against these attacks and do not need to take additional action, Sophos says.

However, devices running EOL firmware are vulnerable to the new exploit, and Sophos took immediate action to fix certain versions. The patches have been “automatically applied to the 99% of affected organizations that have ‘accept hotfix’ turned on,” the company says.

Starting December 6, Sophos has been rolling out hotfixes for Firewall versions 19.0 GA, MR1, and MR1-1; 18.5 GA, MR1, MR1-1, MR2, MR3, and MR4; and 17.0 MR10.

Advertisement. Scroll to continue reading.

Sophos has included the fixes in Firewall versions 18.5 MR5 (18.5.5), 19.0 MR2 (19.0.2), and 19.5 GA, and urges customers using older iterations of the product to upgrade to receive the fixes.

“Attackers commonly hunt for EOL devices and firmware from any technology vendor, so we strongly recommend that organizations upgrade their EOL devices and firmware to the latest versions,” the company notes.

Last year, Sophos warned that the flaw had been exploited in attacks targeting “a small set of specific organizations, primarily in the South Asia region”. The company has not shared details on the recently observed attacks.

Related: CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability

Related: Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance

Related: Several Code Execution Vulnerabilities Patched in Sophos Firewall

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.