An authentication bypass vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed. Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region.
There is no action required for Sophos Firewall customers with the “Allow automatic installation of hotfixes” feature enabled. Enabled is the default setting.
Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN. Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.
Check and verify whether the hotfix for CVE-2022-1040 has already been applied to your firewall. Check and verify here…