Sophos backports RCE fix after attacks on unsupported firewalls

December 12, 2023 at 12:36PM

Sophos issued a backported security update for CVE-2022-3236 to end-of-life firewall firmware versions after finding the flaw under active exploitation. The vulnerability allows remote code execution through the User Portal and Webadmin. Although hotfixes were pushed out automatically, more than 4,000 internet-exposed devices remained vulnerable. Sophos advised upgrading to fixed versions or, where that is not possible, applying workarounds to reduce the risk.

Key takeaways from the article:
– Sophos backported a security update for CVE-2022-3236 to end-of-life (EOL) firewall firmware versions after discovering that the flaw was being actively exploited.
– The vulnerability allows remote code execution and affects Sophos Firewall versions 19.0.1 and older.
– Hotfixes were rolled out automatically to appliances configured to accept security updates, but by January 2023 more than 4,000 internet-exposed appliances were still vulnerable, mostly older devices running EOL firmware that the automatic hotfix did not cover.
– In December 2023, after identifying new exploitation attempts against the same vulnerability on older, unsupported releases of Sophos Firewall, Sophos delivered an updated fix for those versions.
– Organizations should upgrade EOL devices and firmware to the latest versions. If automatic installation of hotfixes has been disabled, it should be re-enabled; otherwise devices should be updated manually to a Sophos Firewall release that contains the fix for CVE-2022-3236.
– Where updating is not possible, the recommended workaround is to disable WAN access to the User Portal and Webadmin and use VPN and/or Sophos Central for remote access and management.
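The takeaways above amount to a simple triage rule: a device is at risk if it runs 19.0.1 or older, it is urgent if the User Portal or Webadmin is reachable from the WAN, and the remedy is upgrade first, WAN restriction as the stopgap. The script below is an added example, not Sophos tooling or code from the article. It applies that rule to a hand-written inventory (hostnames and versions are made up), parses the SFOS version strings such inventories usually contain, and includes a TCP probe for checking reachability from outside the perimeter. The default ports 4444 (Webadmin) and 443 (User Portal) are assumed SFOS defaults; check your own configuration if you have changed them.

```python
from __future__ import annotations

import re
import socket
from dataclasses import dataclass, field

# Per the advisory summary, SFOS 19.0 MR-1 (19.0.1) and every older release are affected.
VULNERABLE_MAX = (19, 0, 1)
# Assumed SFOS default listening ports; adjust if your device uses custom ports.
WEBADMIN_PORT = 4444
USERPORTAL_PORT = 443
EXPOSED_SERVICES = {USERPORTAL_PORT: "User Portal", WEBADMIN_PORT: "Webadmin"}

_DOTTED = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")
_MR = re.compile(r"MR-?(\d+)", re.IGNORECASE)


def parse_sfos_version(text: str) -> tuple[int, int, int]:
    """Normalise strings such as '18.5.4 MR-4' or '17.5 MR-17' to (major, minor, mr)."""
    m = _DOTTED.search(text)
    if not m:
        raise ValueError(f"unrecognised SFOS version: {text!r}")
    major, minor, maint = m.groups()
    if maint is None:
        # Some inventories write '17.5 MR-17' instead of '17.5.17'.
        mr = _MR.search(text)
        maint = mr.group(1) if mr else "0"
    return (int(major), int(minor), int(maint))


def is_vulnerable(version: str) -> bool:
    """True when the release is inside the affected range (19.0.1 and older)."""
    return parse_sfos_version(version) <= VULNERABLE_MAX


@dataclass
class Appliance:
    name: str
    version: str
    auto_hotfix: bool
    wan_ports: set[int] = field(default_factory=set)  # ports reachable from the WAN side


def triage(app: Appliance) -> list[str]:
    """Map one appliance to the actions the advisory summary recommends."""
    if not is_vulnerable(app.version):
        return ["fixed"]
    actions = []
    exposed = sorted(p for p in app.wan_ports if p in EXPOSED_SERVICES)
    if exposed:
        names = ", ".join(f"{EXPOSED_SERVICES[p]} ({p})" for p in exposed)
        actions.append(f"restrict WAN access to {names}; use VPN or Sophos Central instead")
    actions.append("upgrade to a release Sophos lists as fixed for CVE-2022-3236")
    if not app.auto_hotfix:
        actions.append("enable automatic hotfix installation")
    return actions


def wan_ports_open(host: str, ports=(WEBADMIN_PORT, USERPORTAL_PORT), timeout=3.0) -> set[int]:
    """Probe from outside the perimeter: a completed TCP handshake shows the listener is reachable."""
    reachable = set()
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                reachable.add(port)
        except OSError:
            pass
    return reachable


# Constructed inventory for the demonstration; names and versions are made up.
INVENTORY = [
    Appliance("fw-branch-01", "18.5.4 MR-4", auto_hotfix=True, wan_ports={443, 4444}),
    Appliance("fw-hq-01", "19.5.1 MR-1", auto_hotfix=True, wan_ports={443}),
    Appliance("fw-lab-02", "17.5 MR-17", auto_hotfix=False, wan_ports=set()),
]


def report(inventory=INVENTORY) -> dict[str, list[str]]:
    """Triage every appliance in the inventory, keyed by name."""
    return {a.name: triage(a) for a in inventory}


if __name__ == "__main__":
    for name, actions in report().items():
        print(f"{name}: " + "; ".join(actions))
```

Treat the version check as conservative: the firmware version string does not tell you whether a hotfix has been applied on top of it, so a hotfixed 19.0.1 device is still flagged here and must be confirmed on the appliance itself. For the reachability probe, run `wan_ports_open()` from a host outside your network; a port that is filtered from inside may still be open on the WAN interface.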
