
Primarily in South Asia
Mihir Bagwe – March 30, 2022
Source: Sophos

Sophos states it has provided a fix for a critical RCE bug known to be actively exploited, mostly in South Asia. Sophos states that no action is required by its Firewall customers if the "Allow automatic installation of hotfixes" feature is enabled. Although this feature is enabled by default, versions close to their end of life receive hotfixes that need manual configuration.

The Vulnerability

The vulnerability, which is now tracked as CVE-2022-1040, has a CVSS score of 9.8 and was reported to Sophos responsibly by an unnamed external security researcher through its bug bounty program, Sophos states in its security advisory.
The bug is an authentication bypass vulnerability in the User Portal and Webadmin of Sophos Firewall and allows a remote attacker to execute code in all of its versions prior to v18.5 MR3 (18.5.3).

The Targets

Sophos did not disclose the names of the organizations that were targeted, but it revealed, with high confidence, the region to which they belong.

"Sophos has actually observed this vulnerability being utilized to target a little set of particular companies mostly in the South Asia region. We have actually notified each of these organizations directly. Sophos will supply further details as we continue to examine," it says in the advisory.

Since the vulnerability is serious and has been publicly disclosed by Sophos, a number of CERTs and cyber agencies in Europe have issued alerts to check for and patch the CVE-2022-1040 vulnerability manually, based on the version currently installed.

Sophos has plugged a critical vulnerability in its firewall product, which could enable remote code-execution. https://t.co/hnQcppL6Zp