Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild.
The CVE-2022-3236 flaw resides in the User Portal and Webadmin of Sophos Firewall, its exploitation can lead to code execution (RCE).
“A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. The vulnerability has been fixed.” reads the advisory published by the security firm. “Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region. We have informed each of these organizations directly. Sophos will provide further details as we continue to investigate.”
The company addressed the issue with the released Firewall v19.0 MR1 (19.0.1) and older, it also provided workaround by recommending customers not expose User Portal, and Webadmin to WAN and disable WAN access to the User Portal and Webadmin. The company recommends to use VPN and/or Sophos Central (preferred) for remote access and management.
Customers using older Firewall versions would have to upgrade to a supported version.
