CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

THREAT LEVEL: Amber

A security researcher has discovered an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. Attackers are actively exploiting this vulnerability to attack enterprises in South Asia.

The vulnerability, tracked as CVE-2022-1040, allows a remote attacker with access to the Firewall's User Portal or Webadmin to circumvent authentication and execute arbitrary code.

Sophos published hotfixes to address this vulnerability, which have been automatically deployed to all susceptible devices because the 'Allow automatic installation of hotfixes' functionality is activated by default. However, hotfixes published for end-of-life Sophos Firewall versions must be manually upgraded in order to address the security issue and defend against ongoing assaults. Customers can also defend themselves from external attackers by not exposing their User Portal and Webadmin to the WAN.

Potential MITRE ATT&CK TTPs are:
TA0042: Resource Development
TA0006: Credential Access
TA0007: Discovery
TA0001: Initial Access
TA0004: Privilege Escalation
TA0005: Defense Evasion
T1588: Obtain Capabilities
T1588.006: Obtain Capabilities: Vulnerabilities
T1190: Exploit Public-Facing Application
T1040: Network Sniffing
T1548: Abuse Elevation Control Mechanism

References
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
https://support.sophos.com/support/s/article/KB-000043853?language=en_US