Security researchers at VulnCheck discovered a critical vulnerability (CVE-2022-3236) in thousands of Sophos firewall systems exposed to the internet. This flaw allows attackers to remotely execute malware by injecting malicious code through the user portal and Webadmin interface.
The vulnerability was patched by Sophos last September with a hotfix, followed by a full patch and strong urging for users to update immediately. Despite these efforts, over 4,400 firewalls, roughly 6% of all internet-facing Sophos devices, remain unpatched. This highlights a concerning gap between patch availability and user application.
VulnCheck researchers were able to trigger the exploit themselves, demonstrating its potential for malicious actors. They recommend that Sophos users check specific log files for signs of attempted exploitation.
There’s a silver lining here, but it’s thin. A CAPTCHA challenge during web client authentication makes mass exploitation unlikely. However, targeted attacks are still a significant threat.
To mitigate this critical vulnerability, Sophos firewall users should prioritize patching their systems to the latest versions. Businesses should also implement robust patch management practices to ensure timely updates and minimize security risks.
