Critical Sophos Security Bug Allows RCE on Firewalls
Sophos has alerted customers to a critical vulnerability in Sophos Firewall that could allow remote code execution. The flaw, tracked as CVE-2022-1040, is an authentication bypass in the User Portal and Webadmin interfaces of the appliance, and it affects Sophos Firewall v18.5 MR3 (18.5.3) and older. An attacker who exploits it can take control of the device, and from there disable the firewall, add new administrative users, or use the foothold as an initial point of access for moving deeper into the victim's network. At the time of the advisory Sophos had not published a CVSS score for the bug, but it rates the issue as critical.
Sophos has released a hotfix, which is installed automatically on affected appliances that have automatic hotfix installation enabled; customers who have disabled that option, or who run older, unsupported versions, are urged to update manually. The company's advisory also lists a workaround for those who cannot patch immediately: disable WAN access to the User Portal and Webadmin, which removes the exposed attack surface. An independent researcher was credited with reporting the flaw through Sophos' bug bounty program. This is the third Sophos bug disclosed this month, following two others that came to light earlier in March.
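One practical follow-up for an administrator is to check a device inventory against the affected range the advisory gives (v18.5 MR3 and older). The script below is an added example written for this page, not Sophos' own tooling; it assumes that a version written as "18.5 MR3" is the same release as "18.5.3" (the "MRn" suffix supplies the third numeric component, "GA" means 0), and the inventory it scans is constructed sample data.

```python
import re
from typing import List, Optional, Tuple

# Highest release the advisory lists as affected: v18.5 MR3 (18.5.3).
AFFECTED_MAX = (18, 5, 3)

# Accepts the forms an inventory tends to contain, e.g. "18.5 MR3",
# "v18.5.3", "19.0 GA", "SFOS 18.5.3 MR-3-Build408".
# Assumption: "MRn" == third component n, "GA" == 0.
_VERSION_RE = re.compile(
    r"^\s*(?:SFOS\s+)?v?(\d+)\.(\d+)(?:\.(\d+))?"
    r"(?:\s*MR[\s-]*(\d+)|\s*GA)?(?:-Build\d+)?\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Normalise a Sophos Firewall version string to (major, minor, patch).

    Returns None when the string is not recognised, so callers can report
    it rather than silently treating it as safe.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, mr = m.groups()
    if patch is not None:
        third = int(patch)
    elif mr is not None:
        third = int(mr)
    else:
        third = 0
    return (int(major), int(minor), third)


def in_affected_range(text: str) -> Optional[bool]:
    """True if the version is <= 18.5 MR3, False if newer, None if unparsable."""
    v = parse_version(text)
    if v is None:
        return None
    return v <= AFFECTED_MAX


def flag_inventory(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, status) for every device needing attention.

    Status is "affected-range" for devices at or below 18.5 MR3 and
    "unknown-version" for entries the parser cannot read.
    """
    flagged = []
    for host, version in inventory:
        result = in_affected_range(version)
        if result is None:
            flagged.append((host, "unknown-version"))
        elif result:
            flagged.append((host, "affected-range"))
    return flagged


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "SFOS 18.5.3 MR-3-Build408"),
    ("fw-branch-02", "18.5 MR4"),
    ("fw-dc-01", "19.0 GA"),
    ("fw-legacy-01", "17.5 MR17"),
    ("fw-lab-01", "n/a"),
]

if __name__ == "__main__":
    for host, status in flag_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

A version in the affected range is a prompt to verify, not proof of exposure: the script cannot tell whether the hotfix has already been installed on the device, and a device whose User Portal and Webadmin are not reachable from the WAN has a much smaller attack surface. Treat "unknown-version" entries as work items too, since an unparsable string usually means the inventory is stale.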