{"id":204116,"date":"2022-09-27T11:12:21","date_gmt":"2022-09-27T09:12:21","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=204116"},"modified":"2025-07-01T20:25:51","modified_gmt":"2025-07-02T03:25:51","slug":"sophos-warning-firewall-rce-bug","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/sophos-warning-firewall-rce-bug\/","title":{"rendered":"Sophos releases a warning about a new firewall RCE bug"},"content":{"rendered":"\n

The security software company, Sophos, announced that they discovered a new firewall RCE bug<\/strong> in their firewall product. This is not the first attack like this on the company, and they\u2019ve had a few similar ones in the past year. The company urges anyone using Sophos products to ensure their software is up to date<\/strong>.<\/p>\n\n\n

\r\n
\r\n
\r\n
\r\n \"Sophos\r\n <\/div>\r\n
\r\n Sophos Home Free Security<\/span>\r\n DOWNLOAD<\/a>\r\n <\/div>\r\n
\r\n <\/path><\/path><\/text><\/svg>\r\n <\/div>\r\n <\/div>\r\n
\r\n <\/span>\r\n <\/div>\r\n
\r\n \r\n <\/div>\r\n <\/a>\r\n <\/div>\r\n<\/div>\n\n\n\n

This latest attack exploits a \u2018critical code injects\u2019 security vulnerability<\/strong> within the Sophos Firewall. Sophos has been aware of this vulnerability for a few weeks and has been observing it to identify who the attack targets were. During their observation, the software security company identified that a small set of organizations within east Asia were being targeted<\/strong>. They have since informed all the organizations at risk.<\/p>\n\n\n\n

This bug is being tracked as CVE-2022-3236 and was found within the Sophos Firewall User Portal and Webadmin, allowing<\/strong> cyber attackers to code execution (RCE). The company announced that they\u2019ve already released fixes<\/strong> to eliminate this vulnerability. These hotfixes will roll out automatically<\/a> to all users who kept the default auto-update feature. This means that if you kept the default setting, you don\u2019t need to take any further steps to address the vulnerability.<\/p>\n\n\n\n

This automatic update will only work for newer versions<\/strong> of the Sophos Firewall. Users with older versions are advised to upgrade to a supported version to receive the CVE-2022-3236 patch.\u00a0<\/p>\n\n\n\n

\"Sophos<\/figure><\/div>\n\n\n\n

The company reminded users how critical it is to ensure their products are up to date<\/strong>, especially since this isn\u2019t the first attack. In March, there was a similar firewall bug<\/strong> that enabled threats to bypass authentication and execute arbitrary code. Other instances also include when threats abused the XG Firewall SQL injection zero-day<\/strong> in 2020, intending to steal personal data.<\/p>\n\n\n\n

Cybersecurity threats are more prevalent than ever, and users should be mindful of keeping their software and security measures up to date. Furthermore, users should act immediately if they suspect a breach. Be sure to check out our article on six free ways you can remain safe online<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

The security software company, Sophos, announced that they discovered a new firewall RCE bug in their firewall product. This is not the first attack like this on the company, and they\u2019ve had a few similar ones in the past year. The company urges anyone using Sophos products to ensure their software is up to date. … Continue reading “Sophos releases a warning about a new firewall RCE bug”<\/span><\/a><\/p>\n","protected":false},"author":9221,"featured_media":204123,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[2817],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-204116","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectionsophos-home"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/204116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9221"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=204116"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/204116\/revisions"}],"predecessor-version":[{"id":323141,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/204116\/revisions\/323141"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/204123"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=204116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=204116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=204116"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=204116"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=204116"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=204116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}