Monday, June 24, 2024

Sophos Firewall Code Injection Flaw: Let Attackers Execute Remote Code

A critical security flaw has been discovered in the Sophos Firewall User Portal and Webadmin, allowing hackers to execute malicious code remotely.

The vulnerability enables attackers to inject harmful code into the software, which if exploited, can result in a complete takeover of the system and data theft.

The Sophos updated their firewalls to a new version in order to detect new exploit attempts against the older version. This RCE vulnerability has a score of Critical (9.8).

Sophos said that “vulnerable devices are running end-of-life (EOL) firmware. We immediately developed a patch for certain EOL firmware versions, which was automatically applied to the 99% of affected organizations that have “accept hotfix” turned on”.

Sophos Firewall v19.0 MR1 (19.0.1) and older, which was released in 2022, has become outdated. As a result, the firmware on every vulnerable device has reached its end-of-life (EOL).

This means that these devices will no longer receive updates or support, leaving them open to potential security risks and vulnerabilities.

It is important to note that attackers have been on the lookout for firmware and end-of-life (EOL) devices from various technology vendors.

This particular vulnerability has been exploited with the purpose of targeting a specific group of companies, mostly located in South Asia, as reported by Sophos.

Web admin Portals

It is crucial for organizations to take steps to ensure the security of their User Portal and Web admin, by preventing their exposure to the Wide Area Network (WAN).

For remote access and management, it is advisable to utilize either VPN or Sophos Central (which is the recommended choice). To adhere to device access best practices, it is recommended by Sophos to disable WAN access to the User Portal and Webadmin.

The hotfix installation is automatically enabled by default. Follow these steps to confirm this setting:

  • Go to Backup & firmware > Firmware > Hotfix.
  • Turn on Allow automatic installation of hotfixes.
  • Click Apply.

If hotfixes are enabled, but you are not getting them, check the connectivity requirements for the Up2Date component on Sophos Firewall: Default services.

To verify the hotfix
To verify the hotfix

It is crucial for organizations to stay vigilant and take necessary measures to protect their systems and data from potential attacks.


Latest articles

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Consulting Companies to Pay $11 Million Failing Cybersecurity Requirements

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay...

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef....

Chinese Winnti Group Intensifies Financially Motivated Attacks

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential...

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles