December 13, 2023 at 05:42AM
UK-based cybersecurity firm Sophos announced patches for a critical code injection vulnerability in Firewall versions 19.0 MR1 and older, giving attackers the ability to execute remote code. The company also warned of a new exploit and urged organizations to update to supported versions to mitigate the risk. Additionally, patches have been automatically applied to most affected organizations.
From the meeting notes, the key takeaways are:
– UK-based cybersecurity firm Sophos has announced patches for an exploited vulnerability in Firewall versions that have reached End-of-Life (EOL).
– The critical-severity flaw, tracked as CVE-2022-3236, impacts versions 19.0 MR1 (19.0.1) and older of the Sophos Firewall product due to a code injection issue in the Firewall’s User Portal and Webadmin components, allowing attackers to achieve remote code execution (RCE).
– Sophos has updated its advisory to warn of a new in-the-wild exploit targeting the bug and to draw attention to fixes released for older, EOL product versions.
– Organizations that have updated their instances to a supported version after September 2022 are protected against attacks and do not need to take additional action.
– Devices running EOL firmware are vulnerable to the new exploit, and Sophos has taken immediate action to fix certain versions, with patches automatically applied to affected organizations that have ‘accept hotfix’ turned on.
– Sophos has been rolling out hotfixes for specific Firewall versions and urges customers using older iterations of the product to upgrade to receive the fixes.
– Sophos recommends that organizations upgrade their EOL devices and firmware to the latest versions, as attackers commonly hunt for EOL devices and firmware from any technology vendor.
– The flaw had been exploited in attacks targeting specific organizations, primarily in the South Asia region, but details on the recently observed attacks have not been shared.
These points summarize the key details discussed in the meeting notes.