Sophos had to update old firewall firmware versions to address a security vulnerability (CVE-2022-3236) after attacks by hackers.
The vulnerability is a code injection flaw in the User Portal and Webadmin of Sophos Firewall that allows remote code execution.
Sophos fixed a security issue in September 2022 after warning about active exploitation in the wild. The issue impacted versions 19.0.1 and older.
By January 2023, more than 4,000 internet-exposed appliances were still vulnerable to attacks, even though the vendor automatically rolled out a hotfix to appliances set to accept security updates.
Many of these appliances were older devices running end-of-life firmware that had to apply mitigations or manually apply the hotfix, and hackers have taken advantage of this gap.
“In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall,” reads the updated security bulletin.
“We immediately developed a patch for certain EOL firmware versions, which was automatically applied to the 99% of affected organizations that have ‘accept hotfix’ turned on.”
“Attackers commonly hunt for EOL devices and firmware from any technology vendor, so we strongly recommend that organizations upgrade their EOL devices and firmware to the latest versions.”
If the auto-update option for hotfixes has been disabled, it is recommended to enable it and then check to confirm the hotfix has been applied.
Update to one of the following versions of Sophos Firewall to fix CVE-2022-3236:
v19.0 GA, MR1, and MR1-1
v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
v18.0 MR3, MR4, MR5, and MR6
v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
v17.0 MR10
If you have an older version of the Sophos Firewall, you should upgrade to one of the listed releases.