CVE-2022-1040

Published: 25/03/2022 Updated: 27/10/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v18.5 MR3 and older.

Vulnerable Product

sophos sfos

Mailing Lists

Sophos XG115w Firewall version 17010 MR-10 suffers from an authentication bypass vulnerability ...

Github Repositories

CVE-2022-1040: Unauthenticated RCE in sophos webadmin and administrative console. Cve-2022-1040 is an authenticated Bypass which leads to RCE. Full chain exploit with multi targets and multi threading. Developed in python for reliability and lightweight. This package comes with list of servers mostly vulnerable. The script: satoshidiskcom/pay/CFUNtj

CVE-2022-1040-RCE cve-2022-1040 is an auth bypass and remote code execution in webmin portal of sophos firewall

CVE-2022-1040: An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Authentication: NONE; complexity: LOW; vector: NETWORK; confidentiality: PARTIAL; integrity: PARTIAL; availability: PARTIAL. CVSS Score: 7.5. References: www.sophos.com/en-us/security-adviso

CVE-2022-1040 : Sophos XG115w Firewall 17010 MR-10 - Authentication Bypass This vulnerability allows an attacker to gain unauthorized access to the firewall management space by bypassing authentication

CVE-2022-1040-sophos-rce

CVE-2022-1040: may the poc with you. Picked up from elsewhere: curl --insecure -H "X-Requested-With: XMLHttpRequest" -X POST 'xxxx/userportal/Controller?mode=8700&operation=1&datagrid=179&json=\{"🦞":"test"\}'

Vulnerability Analysis CVE-2022-1040 (Sophos RCE): In the Toasec research group, dedicated to offensive cybersecurity, we took on the task of analyzing this vulnerability in Sophos firewalls. This vulnerability, like many others, can be reported and found if you know how to search on Twitter, where we observed that since the ...

CVE-2022-1040-sophos-rce-poc: sophos rce poc, sophos webmin portal auth bypass and rce all in one script. The vulnerability affects Sophos Firewall v18.5 MR3 (18.5.3) and older. Mitigation: update to latest version asap: support.sophos.com/support/s/article/KB-000043853?language=en_US. To avoid misusing of this script it's not for free: it contains the script and a freshly du

CVE-2022-1040 Sophos EXploit Here is the Sophos exploit found on 2022-08-04 working on version 17010 MR-10

CVE-2022-1040-rce CVE-2022-1040 is an authentication bypass and rce in user portal and webadmin of sophos firewall

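Penetration_Testing_POC: A collection of POCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions are welcome. Check every tool for backdoors or other abnormal behavior; running them all in a virtual environment is recommended. Penetration_Testing_POC: make good use of search [Ctrl+F] to find things. IOT Device & Mobile Phone, Web APP, privilege-escalation helpers, PC, tools (small utilities collection)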

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

Recent Articles

Sophos warns critical firewall bug is being actively exploited
BleepingComputer • Sergiu Gatlan • 29 Mar 2022

British-based cybersecurity vendor Sophos warned that a recently patched Sophos Firewall bug allowing remote code execution (RCE) is now actively exploited in attacks.
The security flaw is tracked as CVE-2022-1040, and it
with a 9.8/10 CVSS base score. 
It enables remote attackers to bypass authentication via the firewall's User Portal or Webadmin interface and execute arbitrary code.
The vulnerability was discovered and reported by an anonymous rese...

Critical Sophos Security Bug Allows RCE on Firewalls
Threatpost • Tara Seals • 28 Mar 2022

Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution.
The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects version 18.5 MR3 (18.5.3) and older of the appliance.

An exploit would give attackers control over the device, and enable them to disable the firewall, add new users, or use it as a jumping-...

Critical Sophos Firewall vulnerability allows remote code execution
BleepingComputer • Ax Sharma • 27 Mar 2022

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE).
Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.
On Friday, Sophos disclosed a critical remote code execution vulnerability impacting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier that the company released hotfixes for.
Assigned CVE-2022...

Sophos fixes critical firewall hole exploited by miscreants
The Register

Code-injection bug in your network security... mmm, yum yum

A critical code-injection vulnerability in Sophos Firewall has been fixed — but not before miscreants found and exploited the bug.
The flaw, tracked as CVE-2022-3236, exists in the User Portal and Webadmin components of the firewall in versions 19.0 and older. While it hasn't been issued a CVSS severity score, Sophos deemed it "critical" and noted that it allowed for remote code execution.
"Sophos has observed this vulnerability being used to target a small set of specific org...

Sophos fixes critical hijack flaw in firewall offering
The Register • Jeff Burt

Authentication bypass followed by remote-code execution at the network boundary

Sophos has patched a remote code execution (RCE) vulnerability in its firewall gear that was disclosed via its bug-bounty program.
The supplier wrote in a brief notice on Friday that an authentication bypass flaw can be potentially exploited over the network or internet by miscreants to execute malicious code on a victim's equipment, hijacking it effectively.
The flaw is present in the User Portal and Webadmin user interfaces of Sophos Firewall. This product, using its Xstream archit...

Sophos Firewall zero-day bug exploited weeks before fix
BleepingComputer • Ionut Ilascu

Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim.
The security issue has been fixed in the meantime but various threat actors continued to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations.
On March 25, Sophos published a security advisory about CVE-2022-1040, an 
 vulnerability that affects the ...