Sophos Firewall Patches Zero-Day RCE Vulnerability


Hackers hacked a network belonging to a Sophos client by taking use of a serious zero-day RCE vulnerability. The security software provider responded instantly by releasing a patch update for the firewall product.

The vulnerability, identified as CVE-2022-3236, affects versions of the Sophos Firewall prior to 19.0 MR1. It concerns a code injection flaw that could allow remote code execution in the User Portal and Webadmin components. This security flaw has been used to target a select group of well-defined companies, mainly in South Asia. Read More…