Various versions of Sophos Firewall are installed on more than 4400 servers, which are subject to critical vulnerability that allows hackers to execute malicious code. This was stated by the IB company Vulncheck in her report .
..
The vulnerability of the introduction of code cve-2022-3236 (CVSS: 9.8) allows you to remotely execute the code On the user portal and in the panel of the administrator of the fireworks SOPHOS. The error was revealed back in September 2022. The company then released an update with the correction of this deficiency.
According to the study, more than 4400 servers (6% of all Sophos firewalls) remain vulnerable. In addition, more than 99% of Sophos firewalls are not updated to the corrected versions, and 93% work with current versions. Researchers suggested that almost all servers received an update, but the error is still present.
Cybersecurity researcher Jacob Beins created an exploit for vulnerability based on technical descriptions in indicators of compromise .
It is noteworthy that mass operation is unlikely due to the need to introduce a Captcha test during authentication by web clients. A vulnerable code is available only after checking Captcha. Captcha dough failure will lead to an exploit.
The most inter -grid SOPHOS screens include Captcha, and to run the exploit, you need to go through the test. The failure of the Captcha dough will lead to an exploit failure, which means that vulnerability cannot be used on a large scale.
Sophos released automatic update in September 2022. According to Baines, the SOPHOS Firewall versions, available on the Internet, are running the already unsupported version. The researcher urged users to update the software until the latest version, which Sophos stated in September.