SECURITY ALERTS

A Vulnerability (CVE-2022-3236) in Sophos Firewall Allows Arbitrary Code Execution

DESCRIPTION:
A code injection vulnerability (CVE-2022-3236) allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall.

 

AFFECTED RELEASES:
Sophos Firewall v19.0 MR1(19.0.1) and older

 

SOLUTION:
1. Users and system administrators of affected products are advised to update to v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), v19.5 GA, or above. If the device runs an older version, first update it to one of the supported versions referred to above, then install the hotfix.
2. Alternatively, log in to the User Portal and enable “Allow automatic installation of hotfixes”; the product then checks for updates every 30 minutes and installs the hotfix automatically.
3. After installing the patch, refer to the webpage (https://support.sophos.com/support/s/article/KB-000044539?language=en_US) to check whether the hotfix has been applied.
4. If the vulnerability cannot be patched in time, use a VPN or Sophos Central for remote access and management, and make sure the User Portal is not exposed to the WAN.
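
To triage a fleet against the fixed releases listed in step 1, the following added example (not code from Sophos or from this advisory) classifies firewall version strings by the action the advisory calls for. The CSV layout, hostnames and status labels are assumptions; a device reported as update-or-verify-hotfix may already carry the hotfix, which a version string alone cannot show, so confirm it as described in step 3.

```python
import csv
import io
import re

# Thresholds taken from the advisory's SOLUTION section.
FIXED_MR = {(18, 5): 5, (19, 0): 2}  # branch -> first maintenance release with the fix
FIRST_FIXED_GA = (19, 5, 0)          # v19.5 GA or above
OLDEST_LISTED_BRANCH = (18, 5)       # anything older must be upgraded first

# Accepts "19.0.1", "v18.5MR5", "SFOS 19.0.1 MR-1-Build365", "v19.5GA".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\s*MR-?\s*(\d+))?", re.I)

def parse_version(text):
    """Return (major, minor, patch), or None if no version is found."""
    m = VERSION_RE.search(text or "")
    if not m:
        return None
    major, minor, patch, mr = m.groups()
    # Assumption: "MR n" equals patch level n, as in the advisory's own
    # pairs (MR5 = 18.5.5, MR2 = 19.0.2). Used only when no patch is given.
    return int(major), int(minor), int(patch or mr or 0)

def classify(text):
    """Map a version string to the action the advisory calls for."""
    v = parse_version(text)
    if v is None:
        return "unparsed"
    if v >= FIRST_FIXED_GA:
        return "fixed"
    branch = v[:2]
    if branch < OLDEST_LISTED_BRANCH:
        return "upgrade-then-hotfix"
    if v[2] >= FIXED_MR.get(branch, float("inf")):
        return "fixed"
    return "update-or-verify-hotfix"

def triage(inventory_csv):
    """Classify every row of a host,version CSV export."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in rows}

# Constructed sample inventory (hostnames and column names are made up).
SAMPLE = """host,version
fw-hq,SFOS 19.0.1 MR-1-Build365
fw-branch,v18.5MR5
fw-lab,17.5.12
fw-dr,v19.5GA
"""
```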

REFERENCE:
1. https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
2. https://www.ithome.com.tw/news/153252
3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3236
4. https://nvd.nist.gov/vuln/detail/CVE-2022-3236
 
