Sophos Backports Critical Vulnerability Fix for EOL Firewall Firmware
December 13, 2023
Sophos has retroactively implemented a fix for the critical code injection vulnerability, CVE-2022-3236, in its end-of-life (EOL) firewall firmware versions. This move was prompted by the discovery that threat actors were actively exploiting this vulnerability in attacks. The security company found that this particular vulnerability was being used to target a limited number of specific organizations, mainly located in South Asia.
In December 2022, Sophos rolled out security patches to address seven vulnerabilities in the Sophos Firewall version 19.5, which included several arbitrary code execution bugs. The most severe among these was the flaw identified as CVE-2022-3236. The company's advisory stated, “A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin.”
In September, Sophos had raised an alert about this critical code injection security vulnerability (CVE-2022-3236) affecting its Firewall product, which was being exploited in the wild. The company confirmed that this vulnerability was being utilized to target a small set of specific organizations, primarily in the South Asia region. The advisory further read, “The vulnerability was originally fixed in September 2022. In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall.”
No action is necessary for organizations that upgraded their firewalls to a supported firmware version after September 2022. All the vulnerable devices were found to be running end-of-life (EOL) firmware. Sophos promptly developed a patch for certain EOL firmware versions, which was automatically applied to 99% of affected organizations that have “accept hotfix” enabled. The company strongly recommends that organizations upgrade their EOL devices and firmware to the latest versions, as attackers commonly target EOL devices and firmware from any technology vendor.
In January 2023, researchers scanned internet-facing Sophos Firewalls and discovered over 4,000 firewalls that were too old to receive a hotfix. The advisory provided a list of remediation measures.