The security vendor's appliance was hit by an authentication-bypass issue. Cybersecurity firm Sophos has patched a critical vulnerability in its firewall product, which could permit remote code execution (RCE). The flaw, tracked as CVE-2022-1040, is an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects version 18.5 MR3 (18.5.3) and older of the appliance. Exploitation would give attackers control over the device, and enable them to disable the firewall, add new users, or use it as a starting point for digging deeper into a company's network. Sophos did not provide technical details or a CVSS score for the bug, but listed it as "critical." RCE vulnerabilities are among the most dangerous and high-impact vulnerabilities in the cybersecurity world.
The company pushed out a hotfix, but those without auto-updates enabled will need to manually update their appliances. There's also a workaround, according to the company's security advisory: customers can protect themselves from outside attackers by ensuring their User Portal and Webadmin are not exposed to the WAN. Sophos recommends disabling WAN access to the User Portal and Webadmin by following device-access best practices, and instead using VPN and/or Sophos Central for remote access and management. An anonymous independent researcher was credited with reporting the flaw via Sophos' bug bounty program.
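To check a fleet of appliances against the affected range (18.5 MR3, i.e. 18.5.3, and older) before deciding which ones need the manual update, here is an added Python example; it is not code from Sophos or from the original article. It assumes version strings in the form "18.5 MR3", "18.5.3" or "19.0 GA" (GA treated as maintenance release 0), and the hostnames in the sample inventory are constructed.

```python
import re
from typing import Optional, Tuple

# Affected range per the advisory: 18.5 MR3 (18.5.3) and older.
LAST_AFFECTED = (18, 5, 3)

# Assumed version formats (not confirmed by the article): "18.5 MR3",
# "v18.5 MR3", "18.5.3", "19.0 GA" (GA read as MR0) and bare "18.0".
_VERSION_RE = re.compile(
    r"^\s*v?(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\s*(?:MR\s*(?P<mr>\d+)|GA)|\.(?P<patch>\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Normalise a version string to (major, minor, maintenance); None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    maint = m.group("mr") or m.group("patch") or "0"
    return (int(m.group("major")), int(m.group("minor")), int(maint))


def is_affected(text: str) -> Optional[bool]:
    """True if the version is 18.5 MR3 (18.5.3) or older; None if it cannot be parsed."""
    v = parse_version(text)
    if v is None:
        return None
    return v <= LAST_AFFECTED


def triage(inventory: dict) -> dict:
    """Label each device 'affected', 'not affected' or 'unknown' (manual follow-up)."""
    labels = {}
    for device, version in inventory.items():
        flag = is_affected(version)
        labels[device] = "unknown" if flag is None else ("affected" if flag else "not affected")
    return labels


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fw-branch-01": "18.5 MR3",
    "fw-branch-02": "18.5.4",
    "fw-hq": "19.0 GA",
    "fw-lab": "17.5 MR17",
    "fw-old": "18.0",
    "fw-typo": "SFOS?",
}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices labelled "unknown" should be checked by hand rather than assumed safe.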
The vulnerability is the third bug disclosed by the vendor this month. Earlier in March, two others came to light, tracked as CVE-2022-0386 (a post-authentication SQL-injection issue) and CVE-2022-0652 (an insecure access-permissions bug). They affected the Sophos UTM unified threat-management appliance.