Sophos Warns of Attacks Exploiting Recent Firewall Vulnerability

Sophos on Monday raised the alarm about a recently patched Sophos Firewall vulnerability being exploited in attacks.

Impacting the User Portal and Webadmin of Sophos Firewall, the bug is described as an authentication bypass that could lead to remote code execution.

Tracked as CVE-2022-1040 (CVSS score of 9.8), the security hole impacts Sophos Firewall version v18.5 MR3 (18.5.3) and older.

“Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region. We have informed each of these organizations directly,” the company said in an update to its advisory.

[ READ: Google Issues Emergency Fix for Chrome Zero-Day ]

The company has released patches for multiple supported Sophos Firewall versions and for a couple of iterations that have reached end-of-life (EOL) status, and recommends applying the available patches immediately.

If patching is not possible, customers can protect themselves by ensuring that the User Portal and Webadmin are not exposed to the WAN.

There have been very few reports of vulnerabilities in Sophos firewalls being exploited in the wild. In April 2020, the company warned that attackers were exploiting a zero-day vulnerability to deliver malware to its XG Firewall appliances.

Related: Details Disclosed for Critical Vulnerability in Sophos Appliances

Related: CISA Adds 66 Vulnerabilities to ‘Must Patch’ List

Related: VMware Patches Critical Vulnerabilities in Carbon Black App Control