Everything you need to know about the Sophos vulnerability

Sophos Vulnerability Advisory

This common vulnerability allows for remote code execution

A remote code execution (RCE) vulnerability (CVE-2022-1040) has been identified in User Portal and Webadmin of Sophos Firewall in versions 18.5 MR3 (18.5.3) and older. The vulnerability has been rated as critical by our cyber security specialists. Sophos Firewall software provides network and user endpoint security.

The exploitation of an RCE vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.

Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region. We have informed each of these organizations directly. Sophos will provide further details as we continue to investigate.

How to stay secure

Organizations that use Sophos Firewall versions prior to v18.5 should review their patch status and update to the latest version.

Sophos has released a security advisory and hotfix for the affected Firewall versions. Please review the hotfix and implement it as soon as possible.

No update action is required for Sophos Firewall customers who have the "Allow automatic installation of hotfixes" feature enabled, which is the default setting. To confirm that the hotfix has been applied to your firewall, please refer to KB-000043853.

What to do if you believe you may be affected by this vulnerability

Blackpanda incident response experts are monitoring the situation and are prepared to provide assistance and advice as required.

If you believe that your organization may have been impacted by this vulnerability, a compromise assessment is the best way to ensure that any threats currently in your network are addressed as soon as possible.

If you require emergency incident response, please contact Blackpanda immediately.
