A critical code-injection vulnerability in Sophos Firewall has been fixed — but not before miscreants found and exploited the bug.
The flaw, tracked as CVE-2022-3236, is a code-injection bug in the User Portal and Webadmin components of the firewall, affecting versions 19.0 and older. Both are web-facing management interfaces, so a firewall whose portal or admin UI is reachable from the internet is the deployment most exposed to it. No CVSS score had been assigned at the time of writing, but Sophos rated the bug "critical" and said it allows remote code execution.
“Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the vendor noted in an advisory this month. “We have informed each of these organizations directly.”
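The one check most readers of this item will want is whether a given appliance falls inside the affected range the article states (19.0 and older). The snippet below is an added example written for this page, not code from Sophos or The Register: it parses the numeric part of a Sophos Firewall version banner (the banner format "SFOS 19.0.1 MR-1-Build365" and the inventory entries are assumed here for illustration) and flags units whose major.minor version is at or below 19.0.

```python
import re
from typing import NamedTuple, Optional

class SfosVersion(NamedTuple):
    """Numeric part of a Sophos Firewall (SFOS) version."""
    major: int
    minor: int
    patch: int

# Matches the dotted numeric version anywhere in a banner string,
# e.g. "SFOS 19.0.1 MR-1-Build365" -> 19.0.1. Banner layout is an
# assumption made for this example, not taken from the article.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

# The article states the affected range as "versions 19.0 and older".
AFFECTED_MAX_MAJOR_MINOR = (19, 0)

def parse_sfos_version(banner: str) -> Optional[SfosVersion]:
    """Extract major/minor/patch from a version banner; None if absent."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return SfosVersion(int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def is_in_affected_range(banner: str) -> Optional[bool]:
    """True if the version is 19.0 or older per the article's stated range,
    False if newer, None if the banner could not be parsed.
    A hit is a triage signal only: it says nothing about whether a hotfix
    has already been applied, so confirm against the vendor advisory."""
    v = parse_sfos_version(banner)
    if v is None:
        return None
    return (v.major, v.minor) <= AFFECTED_MAX_MAJOR_MINOR

def triage_inventory(inventory: dict) -> dict:
    """Split a {hostname: banner} inventory into affected / unaffected / unknown."""
    result = {"affected": [], "unaffected": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        verdict = is_in_affected_range(banner)
        if verdict is None:
            result["unknown"].append(host)
        elif verdict:
            result["affected"].append(host)
        else:
            result["unaffected"].append(host)
    return result

# Constructed sample inventory for demonstration; hostnames are invented.
SAMPLE_INVENTORY = {
    "fw-branch-01": "SFOS 19.0.1 MR-1-Build365",
    "fw-branch-02": "SFOS 18.5.4 MR-4-Build418",
    "fw-hq-01": "SFOS 19.5.0 GA-Build197",
    "fw-lab-09": "version string unavailable",
}

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the version strings your own asset inventory already holds; anything landing in "affected" deserves a hotfix check and a look at whether its User Portal or Webadmin is exposed, since the version number alone does not tell you the unit is unpatched.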
Source: The Register