Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released
Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers’ network.
The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution.
The company said it “has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” adding it directly notified these entities.
As a workaround, Sophos is recommending that users take steps to ensure that the User Portal and Webadmin are not exposed to WAN. Alternatively, users can update to the latest supported version –
- v19.5 GA
- v19.0 MR2 (19.0.2)
- v19.0 GA, MR1, and MR1-1
- v18.5 MR5 (18.5.5)
- v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
- v18.0 MR3, MR4, MR5, and MR6
- v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
- v17.0 MR10
Users running older versions of Sophos Firewall are required to upgrade to receive the latest protections and the relevant fixes.
The development marks the second time a Sophos Firewall vulnerability has come under active attacks within a year. Earlier this March, another flaw (CVE-2022-1040) was used to target organizations in the South Asia region.
Then in June 2022, cybersecurity firm Volexity shared more details of the attack campaign, pinning the intrusions on a Chinese advanced persistent threat (APT) known as DriftingCloud.
Sophos firewall appliances have also previously come under attack to deploy what’s called the Asnarök trojan in an attempt to siphon sensitive information.
The “Malware Analysis Market” research examines market estimates and predictions in nice detail. It additionally aids within the execution of those findings by demonstrating tangible benefits to business stakeholders and business leaders. each company should anticipate however their product are going to be utilized in the longer term. Given this level of uncertainty caused by the COVID-19 state of affairs, this analysis is essential for higher understanding previous disruptions and increasing readiness for successive steps in decision-making. the foremost recent study makes an attempt to alter the advanced marketplace for company executives by providing strategic insights and exhibiting resiliency in sudden conditions. The insights will assist all potential readers in distinguishing necessary business bottlenecks.
The primary objective of the report is to educate business owners and assist them in making an astute investment in the market. The study highlights regional and sub-regional insights with corresponding factual and statistical analysis. The report includes first-hand, the latest data, which is obtained from the company website, annual reports, industry-recommended journals, and paid resources. The Malware Analysis report will facilitate business owners to comprehend the current trend of the market and make profitable decisions.
Market Leaders Profiled:
- FireEye (US)
- Trend Micro (Japan)
- Cisco Systems Inc. (US)
- Sophos Group (US)
- Symantec Corporation (US)
- Palo Alto Networks
- Inc. (US)
- Check Point Software Technologies (US)
- Kaspersky Lab (Russia)
- Qualys (US)
- McAfee (US)
- Fortinet (US)
- Intezer (Israel)
- VMRay (Germany)
- Proofpoint (US)
- AT&T Inc. (US)
- VIPRE (J2Global) (US)
- Crowdstrike (US)
- Cylance (Blackberry) (US)
- Lastline (US)
- Juniper Networks (US)
- Fidelis Security (US)
- Joe Security (Switzerland)
- Forcepoint (US)
- Malwarebytes (US)
Report Analysis & Segments:
The Malware Analysis is segmented as per the type of product, application, and geography. All of the segments of the Malware Analysis are carefully analyzed based on their market share, CAGR, value and volume growth, and other important factors. We have also provided Porter’s Five Forces…