Sophos has alerted customers that several vulnerabilities, some of which may lead to arbitrary code execution, have been patched in Sophos Firewall version 19.5. Some of these flaws were uncovered by Sophos's own internal testing, while others were reported to the company by third-party researchers through its bug bounty program.
Threat actors regularly exploit vulnerabilities in Sophos products, and the large number of internet-exposed appliances in circulation gives them a wide variety of targets to pick from.
Chinese threat actors have been connected to at least some of the cyberattacks that targeted Sophos products.
The following vulnerabilities are patched in the Sophos Firewall 19.5 GA (19.5.0) release. Users of older versions are required to upgrade to receive the fixes.
CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows attackers to execute arbitrary code remotely. Sophos had previously reported this vulnerability as being exploited in the wild against a small number of targeted organisations.
Severity: Critical
CVE-2022-3226
During Sophos's internal security testing, an OS command injection vulnerability was identified that allows administrators to execute arbitrary code via SSL VPN configuration uploads.
Severity: High
CVE-2022-3713
During Sophos's internal security testing, a code injection vulnerability was uncovered that allows adjacent attackers to execute arbitrary code in the Wifi controller. To exploit it, an attacker must be connected to an interface that has the Wireless Protection service enabled.
Severity: High
CVE-2022-3696
An external security researcher discovered a post-auth code injection vulnerability in Webadmin that allows administrators to execute code, and responsibly disclosed it to Sophos through the Sophos bug bounty program.
Severity: High
CVE-2022-3709
An external security researcher discovered a stored XSS vulnerability in the Webadmin import group wizard that allows privilege escalation from admin to super-admin, and responsibly disclosed it to Sophos through the Sophos bug bounty program.
Severity: Medium
CVE-2022-3711
An external security researcher discovered a post-auth read-only SQL injection vulnerability in the User Portal that allows users to read non-sensitive configuration database contents, and responsibly disclosed it to Sophos through the Sophos bug bounty program.
Severity: Medium
CVE-2022-3710
An external security researcher discovered a post-auth read-only SQL injection vulnerability in the API controller that allows API clients to read non-sensitive configuration database contents, and responsibly disclosed it to Sophos through the Sophos bug bounty program.
Severity: Low
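Since every issue above is fixed in 19.5.0 GA, the practical check is simply whether each firewall in an estate is still running something older. The script below is an added example, not code from Sophos or from the advisory: it parses SFOS version strings in the form shown in the Webadmin banner ("SFOS 19.0.1 MR-1-Build365", "19.5.0 GA-Build197"), which is an assumption about the format, and treats an "MR-n" suffix without an explicit patch number as patch level n (also an assumption, based on the convention that 18.5 MR-4 is 18.5.4). The inventory it runs over is constructed for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Release that carries all seven fixes described in the advisory.
FIXED_VERSION = (19, 5, 0)

# Assumed banner format: optional "SFOS " prefix, major.minor[.patch],
# optional stage ("GA" or "MR-n"), optional "-BuildNNN" suffix.
_VERSION_RE = re.compile(
    r"^(?:SFOS\s+)?(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?:\s+(?P<stage>GA|MR-\d+))?(?:-Build(?P<build>\d+))?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class SfosVersion:
    major: int
    minor: int
    patch: int
    stage: str            # "GA" or "MR-n", upper-cased
    build: Optional[int]  # None when the banner omits the build number

    def as_tuple(self) -> tuple[int, int, int]:
        return (self.major, self.minor, self.patch)


def parse_version(text: str) -> SfosVersion:
    """Parse a banner string; raises ValueError on anything unrecognised."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SFOS version string: {text!r}")
    stage = (m["stage"] or "GA").upper()
    if m["patch"] is not None:
        patch = int(m["patch"])
    elif stage.startswith("MR-"):
        # Assumption: "18.5 MR-4" is the same firmware as 18.5.4.
        patch = int(stage[3:])
    else:
        patch = 0
    return SfosVersion(
        major=int(m["major"]),
        minor=int(m["minor"]),
        patch=patch,
        stage=stage,
        build=int(m["build"]) if m["build"] else None,
    )


def needs_upgrade(text: str) -> bool:
    """True when the reported firmware predates 19.5.0 GA."""
    return parse_version(text).as_tuple() < FIXED_VERSION


def triage(inventory: dict[str, str]) -> list[str]:
    """Return, sorted, the hosts whose firmware still needs the 19.5 upgrade."""
    return sorted(host for host, ver in inventory.items() if needs_upgrade(ver))


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fw-branch-01": "SFOS 19.0.1 MR-1-Build365",
    "fw-hq-01": "SFOS 19.5.0 GA-Build197",
    "fw-lab-02": "18.5 MR-4",
    "fw-dc-03": "19.5.1 MR-1",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> upgrade to 19.5.0 GA or later")
```

Comparing only the (major, minor, patch) triple is enough here because the fix is tied to a release, not a build number; a later MR on 19.5 (for example 19.5.1 MR-1) is correctly treated as already patched. Anything that does not match the expected banner format is rejected rather than silently scored as current, so a malformed inventory entry shows up as an error instead of a missed firewall.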