The security software company Sophos announced that it has discovered a new remote code execution (RCE) bug in its firewall product. This is not the first attack like this on the company; it has had a few similar ones in the past year. The company urges anyone using Sophos products to ensure their software is up to date.
This latest attack exploits a critical code injection vulnerability in the Sophos Firewall. Sophos has been aware of this vulnerability for a few weeks and has been observing it to identify who the attack targets were. During its observation, the company identified that a small set of organizations within East Asia were being targeted. It has since informed all the organizations at risk.
This bug is being tracked as CVE-2022-3236 and was found in the Sophos Firewall User Portal and Webadmin, where it allows attackers to achieve remote code execution (RCE). The company announced that it has already released hotfixes to eliminate this vulnerability. These hotfixes will roll out automatically to all users who kept the default auto-update feature. This means that if you kept the default setting, you don’t need to take any further steps to address the vulnerability.
This automatic update will only work for newer versions of the Sophos Firewall. Users with older versions are advised to upgrade to a supported version to receive the CVE-2022-3236 patch.
The company reminded users how critical it is to keep their products up to date, especially since this isn’t the first attack. In March, a similar firewall bug enabled attackers to bypass authentication and execute arbitrary code. In another instance, attackers abused an XG Firewall SQL injection zero-day in 2020, intending to steal personal data.
Cybersecurity threats are more prevalent than ever, and users should be mindful of keeping their software and security measures up to date. Furthermore, users should act immediately if they suspect a breach.