Sophos has patched up a high-severity vulnerability that allowed threat actors to remotely execute any code, including viruses and malware, on an endpoint running its firewall software.
As reported by BleepingComputer, the company has pushed a fix for CVE-2022-1040, an authentication bypass vulnerability that’s been given a severity score of 9.8/10.
It was discovered in the User Portal and Webadmin features of the Sophos Firewall solution.
Workaround available
Sophos says the patch will be automatically downloaded and installed for the majority of the users.
“There is no action required for Sophos Firewall customers with the ‘Allow automatic installation of hotfixes' feature enabled. Enabled is the default setting,” said the firm in a security advisory.
However, should users run an older version, or one that’s already reached end of life, they will need to apply the patch manually. And those that are unable to install the fix at this time are advised to secure the vulnerable points – User Portal and Webadmin – via a workaround.
“Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN,” the advisory states. “Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.”
It’s been a busy month for the Sophos team, which last week fixed two high severity vulnerabilities in Sophos Unified Threat Management appliances: CVE-2022-0386 and CVE-2022-0652.
Sophos is a UK-based cybersecurity and network security software developer, focused mostly on security software for organizations with up to 5,000 employees. It was founded in 1985, but pivoted towards cybersecurity in the late 1990s.
In 2019, it was acquired by US-based private equity firm, Thoma Bravo, for approximately $3.9 billion ($7.40 per share).
Via BleepingComputer
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba