Sophos was forced to backport a security fix for CVE-2022-3236 to end-of-life (EOL) firewall firmware versions after discovering that attackers were actively exploiting the flaw.
The flaw is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall that allows remote code execution.
Sophos fixed the issue in September 2022, when it warned about active exploitation in the wild affecting versions 19.0.1 and older.
Although the vendor automatically rolled the hotfix out to appliances configured to auto-accept security updates, by January 2023 over 4,000 internet-exposed appliances remained vulnerable.
Many of these appliances were older devices running end-of-life firmware, which had to apply mitigations or install the hotfix manually, and attackers have taken advantage of this gap.
“In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall,” reads the updated security bulletin.
“We immediately developed a patch for certain EOL firmware versions, which was automatically applied to the 99% of affected organizations that have ‘accept hotfix’ turned on.”
“Attackers commonly hunt for EOL devices and firmware from any technology vendor, so we strongly recommend that organizations upgrade their EOL devices and firmware to the latest versions.”
If the auto-update option for hotfixes has been disabled, it is strongly recommended to enable it and then follow this guide to verify that the hotfix has been applied.
Alternatively, manually update to one of the following versions of Sophos Firewall, which address CVE-2022-3236:
- v19.0 GA, MR1, and MR1-1
- v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
- v18.0 MR3, MR4, MR5, and MR6
- v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
- v17.0 MR10
If you are running an even older version of Sophos Firewall, you are advised to upgrade to one of the releases listed above.
Where updating is not possible, the recommended workaround is to restrict WAN access to the User Portal and Webadmin by following these instructions, and to use VPN or Sophos Central for remote access and management instead.