Sophos on Monday raised the alarm about a recently patched Sophos Firewall vulnerability being exploited in attacks. Affecting the User Portal and Webadmin of Sophos Firewall, the bug is described as an authentication bypass that could lead to remote code execution.
Tracked as CVE-2022-1040 (CVSS score of 9.8), the security hole affects Sophos Firewall v18.5 MR3 (18.5.3) and older.
“Sophos has observed this vulnerability being used to target a small set of particular companies primarily in the South Asia region. We have informed each of these companies directly,” the company said in an update to its advisory.
The company has released patches for multiple supported Sophos Firewall versions and for a number of versions that have reached end-of-life (EOL) status, and advises applying the available patches right away.
If patching is not possible, customers can protect themselves by making sure that the User Portal and Webadmin are not exposed to the WAN.
There have been very few reports of vulnerabilities in Sophos firewalls being exploited in the wild. In April 2020, the company warned that attackers were exploiting a zero-day vulnerability to deliver malware to its XG Firewall appliances.