Published: 25/03/2022 Updated: 31/03/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v18.5 MR3 and older.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sophos sfos

Github Repositories

CVE-2022-1040-RCE cve-2022-1040 is an auth bypass and remote code execution in webmin portal of sophos firewall

CVE-2022-1040-sophos-rce-poc sophos rce poc sophos webmin portal auth bypass and rce all in one script; The vulnerability affects Sophos Firewall v185 MR3 (1853) and older Mitigation: update to latest version asap supportsophoscom/support/s/article/KB-000043853?language=en_US to avoid misusing of this script its not for free: it contains the script and a freshly du


CVE-2022-1040 may the poc with you 外面捡来的 curl --insecure -H "X-Requested-With: XMLHttpRequest" -X POST 'xxxx/userportal/Controller?mode=8700&operation=1&datagrid=179&json=\{"🦞":"test"\}'

CVE-2022-1040-rce CVE-2022-1040 is an authentication bypass and rce in user portal and webadmin of sophos firewall

Recent Articles

Sophos warns critical firewall bug is being actively exploited
BleepingComputer • Sergiu Gatlan • 29 Mar 2022

British-based cybersecurity vendor Sophos warned that a recently patched Sophos Firewall bug allowing remote code execution (RCE) is now actively exploited in attacks.
The security flaw is tracked as CVE-2022-1040, and it
with a 9.8/10 CVSS base score. 
It enables remote attackers to bypass authentication via the firewall's User Portal or Webadmin interface and execute arbitrary code.
The vulnerability was discovered and reported by an anonymous rese...

Critical Sophos Security Bug Allows RCE on Firewalls
Threatpost • Tara Seals • 28 Mar 2022

Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution.
The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects version 18.5 MR3 (18.5.3) and older of the appliance.

An exploit would give attackers control over the device, and enable them to disable the firewall, add new users, or use it as a jumping-...

Critical Sophos Firewall vulnerability allows remote code execution
BleepingComputer • Ax Sharma • 27 Mar 2022

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE).
Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.
On Friday, Sophos disclosed a critical remote code execution vulnerability impacting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier that the company released hotfixes for.
Assigned CVE-2022...

Sophos fixes critical hijack flaw in firewall offering
The Register • Jeff Burt • 01 Jan 1970

Get our weekly newsletter Authentication bypass followed by remote-code execution at the network boundary Sophos: Log4Shell would have been a catastrophe without the Y2K-esque mobilisation of engineers

Sophos has patched a remote code execution (RCE) vulnerability in its firewall gear that was disclosed via its bug-bounty program.
The supplier wrote in a brief notice on Friday that an authentication bypass flaw can be potentially exploited over the network or internet by miscreants to execute malicious code on a victim's equipment, hijacking it effectively.
The flaw is present in the User Portal and Webadmin user interfaces of Sophos Firewall. This product, using its Xstream archit...