CVE-2022-1040

British-based cybersecurity vendor Sophos warned that a recently patched Sophos Firewall bug allowing remote code execution (RCE) is now actively exploited in attacks.
The security flaw is tracked as CVE-2022-1040, and it
with a 9.8/10 CVSS base score. 
It enables remote attackers to bypass authentication via the firewall's User Portal or Webadmin interface and execute arbitrary code.
The vulnerability was discovered and reported by an anonymous rese...

Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution.
The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects version 18.5 MR3 (18.5.3) and older of the appliance.

An exploit would give attackers control over the device, and enable them to disable the firewall, add new users, or use it as a jumping-...

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE).
Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.
On Friday, Sophos disclosed a critical remote code execution vulnerability impacting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier that the company released hotfixes for.
Assigned CVE-2022...

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Code-injection bug in your network security... mmm, yum yum

A critical code-injection vulnerability in Sophos Firewall has been fixed — but not before miscreants found and exploited the bug.
The flaw, tracked as CVE-2022-3236, exists in the User Portal and Webadmin components of the firewall in versions 19.0 and older. While it hasn't been issued a CVSS severity score, Sophos deemed it "critical" and noted that it allowed for remote code execution.
"Sophos has observed this vulnerability being used to target a small set of specific org...

Get our weekly newsletter Authentication bypass followed by remote-code execution at the network boundary Sophos: Log4Shell would have been a catastrophe without the Y2K-esque mobilisation of engineers

Sophos has patched a remote code execution (RCE) vulnerability in its firewall gear that was disclosed via its bug-bounty program.
The supplier wrote in a brief notice on Friday that an authentication bypass flaw can be potentially exploited over the network or internet by miscreants to execute malicious code on a victim's equipment, hijacking it effectively.
The flaw is present in the User Portal and Webadmin user interfaces of Sophos Firewall. This product, using its Xstream archit...

Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim.
The security issue has been fixed in the meantime but various threat actors continued to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations.
On March 25, Sophos published a security advisory about CVE-2022-1040, an 
 vulnerability that affects the ...