Vulnerabilities fixed in Sophos firewall

Sophos has fixed several vulnerabilities in Sophos firewall. A malicious party could exploit the vulnerabilities to obtain system data through API calls and Cross-Site-Scripting XSS attacks. In addition, arbitrary code can be executed if the malicious party has gained management rights or gained...

Sophos Zero-day vulnerability becomes target for attackers

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in the User Portal and WebAdmin of Sophos Firewall has been tracked as CVE-2022-3236. This vulnerability is been used by some unknown attackers to target organizations in...

Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers' network. The issue, tracked as CVE-2022-3236 CVSS score: 9.8, impacts Sophos Firewall v19.0 M...

CVE-2022-3236

creationtimestamp| type| source ---|---|--- 2022-09-23 16:13:26+00:00| seen| https://t.me/cibsecurity/50315 2022-09-24 07:13:55+00:00| exploited| https://t.me/thehackernews/2599 2022-09-25 11:53:57+00:00| exploited| https://t.me/secsocteam/322 2022-09-26 04:00:00+00:00| seen|...

CVE-2022-3236

CVE-2022-3236 — Sophos Firewall: A code injection vulnerability in the User Portal and Webadmin allows remote code execution on Sophos Firewall versions