Advisory for Sophos Security Update

  • NIC-CERT/2022-03/161
  • Date: 2022-03-29
  • CVE ID: Multiple
  • Severity: High

A. Description:

Sophos has released security updates to fix vulnerabilities. An attacker could exploit these vulnerabilities to compromise the target server.

B. Security Issues Fixed:

An authentication bypass vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed.

There is no action required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.

C. CVE Id and Affected Products:

  • CVE ID: CVE-2022-1040
  • Affected Products: Sophos Firewall v18.5 MR3 (18.5.3) and older
  • Workaround: Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN. Disable WAN access to the User Portal and Webadmin by following device access best practices, and instead use VPN and/or Sophos Central for remote access and management.

D. References:

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1040
  • https://www.sophos.com/en-us/security-advisories