Sophos Backports Critical Vulnerability Fix for EOL Firewall Firmware

December 13, 2023

Sophos has retroactively implemented a fix for the critical code injection vulnerability, CVE-2022-3236, in its end-of-life (EOL) firewall firmware versions. This move was prompted by the discovery that threat actors were actively exploiting this vulnerability in attacks. The security company found that this particular vulnerability was being used to target a limited number of specific organizations, mainly located in South Asia.

In December 2022, Sophos rolled out security patches to address seven vulnerabilities in the Sophos Firewall version 19.5, which included several arbitrary code execution bugs. The most severe among these was the flaw identified as CVE-2022-3236. The company's advisory stated, “A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin.”

In September 2022, Sophos had raised an alert about this critical code injection vulnerability (CVE-2022-3236) affecting its Firewall product, which was being exploited in the wild. The company confirmed that the vulnerability was being used to target a small set of specific organizations, primarily in the South Asia region. The advisory further read, “The vulnerability was originally fixed in September 2022. In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall.”

No action is necessary if organizations have updated their firewalls to a supported firmware version post-September 2022. All the vulnerable devices were found to be running end-of-life (EOL) firmware. Sophos promptly developed a patch for certain EOL firmware versions, which was automatically applied to 99% of affected organizations that have “accept hotfix” enabled. The company strongly recommends that organizations upgrade their EOL devices and firmware to the latest versions, as attackers commonly target EOL devices and firmware from any technology vendor.

In January 2023, researchers scanned internet-facing Sophos Firewalls and discovered over 4,000 firewalls that were too old to receive a hotfix. The advisory provided a list of remediation measures.
