Sophos patches critical remote code execution vulnerability in Firewall

Sophos has patched a remote code execution (RCE) vulnerability in the Firewall product line.

Sophos Firewall is an enterprise cybersecurity solution that can adapt to different networks and environments. Firewall includes TLS and encrypted network traffic inspection, deep packet inspection, sandboxing, intrusion prevention systems (IPSs), and visibility features for detecting suspicious and malicious network activity.

On March 25, the cybersecurity company disclosed the RCE, which an external cybersecurity researcher had reported privately through the firm’s bug bounty program. Sophos offers financial rewards of between $100 and $20,000 for reports.

Tracked as CVE-2022-1040 and assigned a CVSS score of 9.8 by Sophos, acting as a CVE Numbering Authority (CNA), the vulnerability impacts Sophos Firewall v18.5 MR3 (18.5.3) and older.

According to Sophos’ security advisory, the critical vulnerability is an authentication bypass issue found in the User Portal and Webadmin access points of Sophos Firewall.

While the vulnerability is now patched, Sophos has not provided further technical details.

In most cases, Sophos Firewall users will have received a hotfix to tackle the flaw. Customers who have enabled the automatic installation of hotfix updates do not need to take further action.

However, if customers are still using older software versions, they may

Read More: https://www.zdnet.com/article/sophos-patches-critical-remote-code-execution-vulnerability-in-firewall-defense-product/#ftag=RSSbaffb68