3 critical vulnerabilities in Sophos Firewall and other company products

Sophos security teams announced the fixing of a critical remote code execution (RCE) vulnerability in the Sophos Firewall family of products for home and enterprise environments. Sophos Firewall includes TLS and encrypted network traffic inspection, sandboxing, packet scanning, and intrusion prevention systems.

Tracked as CVE-2022-1040, the vulnerability received a score of 9.8/10 under the Common Vulnerability Scoring System (CVSS) and resides in Sophos Firewall v18.5 MR3 and earlier.

This error was described as an authentication evasion issue found in the user portal and Webadmin Sophos Firewall access points. The fault has already been addressed, although no additional technical details have been shared due to the fact that the risk of exploitation is still active.

Sophos Firewall users with automatic update installation should have already received the patch, although the company invites users who do not receive automatic updates to verify that their systems are running the latest software versions available.

A workaround is based on completely disabling WAN access to the user portal, in addition to using a virtual private network (VPN) solution to mitigate the risk of attack.

In addition to fixing this critical vulnerability, Sophos announced the release of two updates to address flaws in its Unified Threat Management (UTM) solution. Tracked as CVE-2022-0652, the first of these flaws exists due to UTM storing SHA512crypt password hashes in log files, which would allow local users to read log files and gain access to sensitive data; this failure received a CVSS score of 2.9/10.

Moreover, CVE-2022-0386 exists due to insufficient sanitization of user-provided data in Mail Manager, which would allow remote threat actors to send specially crafted requests to UTM to execute arbitrary SQL commands in the application database, putting stored data at risk. The failure received a CVSS score of 7.7/10.

Both flaws reside in all versions of Sophos UTM prior to v9.710 MR10. Patches to address these vulnerabilities are now available.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.