Endpoint/Device Security, Vulnerability Management

Thousands of Sophos Firewall devices at risk of RCE attacks

More than 4,000 internet-connected Sophos Firewall devices continue to have the critical remote code execution flaw, tracked as CVE-2022-3236, unpatched despite the release of hotfixes last September and the issuance of official patches in December, reports BleepingComputer.

Over 99% of more than 88,000 internet-facing Sophos Firewalls have not been updated to versions with the official fix, a VulnCheck report showed.

"But around 93% are running versions that are eligible for a hotfix, and the default behavior for the firewall is to automatically download and apply hotfixes (unless disabled by an administrator). That still leaves more than 4,000 firewalls (or about 6% of internet-facing Sophos Firewalls) running versions that didn't receive a hotfix and are therefore vulnerable," said researcher Jacob Baines.

While a proof-of-concept exploit for the vulnerability is yet to be released, threat actors could potentially reproduce the exploit based on available technical data, as done by Baines, to conduct a new wave of attacks, which Baines noted could be hindered by required CAPTCHAs during authentication.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds