Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
October 5, 2022 - TuxCare expert team
Sophos has warned that attackers are exploiting a critical code injection security vulnerability in the company’s Firewall product. The attackers are exploiting the flaw in the wild.
The vulnerability is tracked as CVE-2022-3236 and resides in the User Portal and Webadmin of the Sophos firewall, allowing remote code execution.
“Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region. We have informed each of these organizations directly. Sophos will provide further details as we continue to investigate. No action is required for Sophos Firewall customers with the ‘Allow automatic installation of hotfixes’ feature enabled on remediated versions (see Remediation section below). Enabled is the default setting,” Sophos explained.
Sophos stated that it has released hotfixes for Sophos Firewall versions affected by the security bug (v19.o MR1 (19.O.1) and older. The company stated that it would automatically roll out the update to all instances since automatic updates are enabled by default.
“No action is required for Sophos Firewall customers with the ‘Allow automatic installation of hotfixes’ feature enabled on remediated versions (see Remediation section below). Enabled is the default setting,” Sophos explained.
Users of older versions of the Sophos firewall would need to upgrade to a supported version to get the CVE-2022-3236 patch.
The company also provided a workaround for customers who could not immediately patch the vulnerable software to ensure that the user portal and the web admin of the firewall are not exposed to WAN access.
“Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central (preferred) for remote access and management,” the company added.
The sources for this piece include an article in BleepingComputer.
Learn About Live Patching with TuxCare
According to CyberArk researchers, GPT-based models like ChatGPT can be...
Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...
Deep Instinct researchers reported that RATs like StrRAT and Ratty...
According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...
A remote attacker could exploit multiple vulnerabilities in four Cisco...
In a notable IcedID malware attack, the assailant impacted the...
Tech Support
Documentation
Login
Contact Us