Critical Sophos Security Bug Allows RCE on Firewalls

The security vendor’s appliance suffers from an authentication-bypass issue.

Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product that could allow remote code execution.

The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects version 18.5 MR3 (18.5.3) and older of the appliance.

An exploit would give attackers control over the device, and enable them to disable the firewall, add new users, or use it as a jumping-off point for burrowing deeper into a company’s network.

Sophos did not provide technical details or a CVSS score for the bug, but listed it as “critical.”

The company pushed out a hotfix, but those without automatic updates enabled will need to manually update their appliances. There’s also a workaround, according to the company’s security advisory:

“Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN,” according to Sophos. “Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.”

An unnamed independent researcher was credited with reporting the flaw.
