Vulnerability Alert - Sophos Firewall
Sophos released a new version of Sophos Firewall to solve a critical RCE vulnerability (CVE-2022-3236). It relates to a code injection vulnerability allowing remote code execution in the User Portal and Webadmin of the product.
This vulnerability is being actively exploited.
It allows an attacker to achieve remote code execution.
No action is required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. However, the customers without this feature enable, it is recommended to upgrade the version of your product. To confirm that the hotfix has been applied to your firewall, please refer to [2].
Additionally, it is recommended that customers could protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN. [3]