Sophos Firewall is an enterprise cybersecurity solution that can adapt to different networks and environments. The firewall includes Transport Layer Security (TLS) and encrypted network traffic inspection, deep packet inspection, sandboxing, intrusion prevention systems (IPSs), and visibility capabilities to detect suspicious and malicious network activity.
On March 25, the cybersecurity company announced a remote code execution (RCE) vulnerability that had been reported to Sophos by an external security researcher through the company's bug bounty program. Sophos offers financial rewards ranging from $100 to $20,000 for reports.
The vulnerability is tracked as CVE-2022-1040 and was rated by Sophos, acting as the CVE Numbering Authority (CNA), with a CVSS score of 9.8, which makes it critical. It affects Sophos Firewall v18.5 MR3 (18.5.3) and earlier.
According to Sophos Security Advisory, the critical vulnerability is an authentication bypass issue found in the Sophos Firewall user portal and webadmin entry points.
The vulnerability has now been patched, but Sophos has not disclosed any further technical details.
In most cases, Sophos Firewall users have received a hotfix that addresses the vulnerability. So if customers have enabled automatic installation of hotfix updates, they don’t need to take any further action.
However, customers still running older software versions may need to update their builds to a newer version to be protected. There is also a general workaround that mitigates the risk of attacks against the user portal and webadmin: users can completely disable WAN access to these interfaces. Sophos recommends using a virtual private network (VPN) to secure remote connections instead.
Earlier this month, Sophos fixed two vulnerabilities, CVE-2022-0386 and CVE-2022-0652, in the Sophos UTM threat management appliance. CVE-2022-0386 is a high-severity post-authentication SQL injection vulnerability, while CVE-2022-0652 is an insecure access permissions bug.