Sophos has patched a remote code execution (RCE) vulnerability in the Firewall product line.

Sophos Firewall is an enterprise cybersecurity solution that can adapt to different networks and environments. Firewall includes TLS and encrypted network traffic inspection, deep packet inspection, sandboxing, intrusion prevention systems (IPSs), and visibility features for detecting suspicious and malicious network activity.

Security

Cyber security 101: Protect your privacy from hackers, spies, and the government

Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.

Read now

On March 25, the cybersecurity company disclosed the RCE, which was privately disclosed to Sophos via the firm's bug bounty program by an external cybersecurity researcher. Sophos offers financial rewards of between$100 and$20,000 for reports.

Tracked as CVE-2022-1040 and issued a CVSS score of 9.8 by Sophos as a CNA, the vulnerability impacts Sophos Firewall v18.5 MR3 (18.5.3) and older.

According to Sophos' security advisory, the critical vulnerability is an authentication bypass issue found in the user portal and Webadmin Sophos Firewall access points.

While the vulnerability is now patched, Sophos has not provided further technical details.

Sophos Firewall users will have received a hotfix, in most cases, to tackle the flaw. So if customers have enabled the automatic installation of hotfix updates, they do not need to take further action.

However, if customers are still using older software versions, they may have to update their builds to a newer version to stay protected.

There is also a general workaround to mitigate the risk of attacks made through the user portal and Webadmin. Users can disable WAN access to these platforms entirely, and Sophos recommends using a virtual private network (VPN) alongside Sophos Central to improve the security of remote connections.

Earlier this month, Sophos resolved CVE-2022-0386 and CVE-2022-0652, two vulnerabilities in Sophos UTM threat management appliance. CVE-2022-0386 is a high-severity post-auth SQL injection vulnerability, whereas CVE-2022-0652 is an insecure access permissions bug. 

See also

• Trio of RCE CVSS 10 vulnerabilities among 15 CVEs in Cisco small business routers
  
• New RCE flaw added to Adobe Commerce, Magento security advisory
  
• RCE is back: VMware details file upload vulnerability in vCenter Server
  

---

Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0

---

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next

• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone
• The best VPN services: How do the top 5 compare?
• How to find out if you are involved in a data breach -- and what to do next