Sophos Patches EOL Firewalls Against Exploited Vulnerability


This week, the UK-based cybersecurity company Sophos released fixes for a vulnerability that might be exploited in End-of-Life (EOL) firewall versions. The critical-severity bug, tracked as CVE-2022-3236, affects product versions 19.0 MR1 (19.0.1) and earlier. It was first fixed in September 2022, but only for supported Sophos Firewall versions.

According to Sophos, the security flaw allows attackers to achieve remote code execution (RCE) through code injection in the User Portal and Webadmin components of the Firewall. The company updated its advisory this week to alert users to a fresh in-the-wild attack that targets the flaw, and to announce the fixes it has made available for earlier, EOL product versions.
