Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Attackers abuse web security flaw in Sophos Firewall

A recently resolved vulnerability in Sophos Firewall has been abused by attackers in targeted attacks, the vendor warns.

The critical vulnerability (CVE-2022-3236) poses a remote code execution (RCE) risk.

Sophos Firewall v19.0 MR1 (19.0.1) and older are potentially vulnerable to the security bug in the User Portal and Webadmin of Sophos Firewall.

In a security advisory published on Friday (September 23), Sophos said that it has issued a patch that installs automatically in default installations of its firewall technology.

This is just as well given the vulnerability has already featured in attacks in the wild.

“Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the vendor’s advisory said. “We have informed each of these organizations directly.

“Sophos will provide further details as we continue to investigate,” it added.

Short of applying a patch, the vulnerability might be mitigated by disabling WAN access to the User Portal and Webadmin, Sophos advises.

The Daily Swig asked Sophos to explain in what ways the vulnerability has been exploited and how the problem was discovered.

In response, Sophos said it was alerted about the zero-day vulnerability by one of its customers. The vendor went on to reiterate that few of its customers were affected by the problem – without saying what issues they may have faced:

A customer notified Sophos, at which time Sophos took immediate steps issue a hotfix, which was already applied last week. This only affected an extremely small subset of organizations.

The vulnerability is noteworthy since it represents a web security flaw in a network security product.

One infosec observer warned that the flaw is of the type that might lend itself to widespread abuse.

“This has a HIGH chance of mass exploitation, given the vulnerability is based on Code Injection (CWE-94) and if we look at the #CISA KEVs, at least 28 of those are Code Injection related,” said threat researcher Immanuel Chavoya in a post about the vulnerability on Twitter.

Source: https://portswigger.net/daily-swig/attackers-abuse-web-security-flaw-in-sophos-firewall

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Zero Trust Data Access (ZTDA) constitutes a fundamental aspect of the wider Zero Trust security framework, which entails limiting data access. The Zero Trust security approach...

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO