18 matches found
Sophos Firewall <=18.5 MR3 - Remote Code Execution
Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code. id: CVE-2022-1040 info: name: Sophos Firewall =18.5 MR4 to mitigate this vulnerability. reference: -...
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent...
Exploit for CVE-2022-1040
Environment In Python Environment3.10 python3.10 It...
Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor
A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organization...
Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Vulnerability
Aryan Chehreghani Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to...
Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Date: 2022-08-04 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to...
Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass
Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Date: 2022-08-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to...
Hackers Target Ukrainian Software Company Using GoMet Backdoor
A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known ...
Attackers target Ukraine using GoMet backdoor
Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed at a large software...
Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity
A sophisticated Chinese advanced persistent threat APT actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implemented an interesting web...
Sophos MR3 Firewall Remote Code Execution (CVE-2022-1040)
A remote code execution vulnerability exists in Sophos MR3 Firewall. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Sophos XG Firewall User Portal and Webadmin Authentication Bypass (CVE-2022-1040)
Binary data sophosxgfirewallcve-2022-1040.nbin...
Sophos Firewall RCE vulnerability actively exploited
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A security researcher has discovered an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. Attackers are actively exploiting this vulnerability to attack enterprises in...
Critical Sophos Firewall RCE Vulnerability Under Active Exploitation
Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions...
CVE-2022-1040
creationtimestamp| type| source ---|---|--- 2022-03-25 15:30:39+00:00| seen| https://t.me/cibsecurity/39533 2022-03-27 14:33:12+00:00| seen| https://t.me/BleepingComputer/11671 2022-03-27 19:17:05+00:00| seen| https://t.me/cKure/9191 2022-03-28 10:46:00+00:00| exploited|...
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Recent assessments: jbaines-r7 at April 15, 2022 7:28pm UTC reported: On March 25, 2022, Sophos published a critical security advisory fo...