Sophos Firewall vulnerability gave hackers the keys to the kingdom
The fix installs automatically for the newest versions
Sophos has patched up a high-severity vulnerability that allowed threat actors to remotely execute any code, including viruses and malware, on an endpoint running its firewall software.
As reported by BleepingComputer, the company has pushed a fix for CVE-2022-1040, an authentication bypass vulnerability that’s been given a severity score of 9.8/10.
It was discovered in the User Portal and Webadmin features of the Sophos Firewall solution.
Workaround available
Sophos says the patch will be automatically downloaded and installed for the majority of the users.
“There is no action required for Sophos Firewall customers with the ‘Allow automatic installation of hotfixes’ feature enabled. Enabled is the default setting,” said the firm in a security advisory.
However, should users run an older version, or one that’s already reached end of life, they will need to apply the patch manually. And those that are unable to install the fix at this time are advised to secure the vulnerable points - User Portal and Webadmin - via a workaround.
“Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN,” the advisory states. “Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.”
It’s been a busy month for the Sophos team, which last week fixed two high severity vulnerabilities in Sophos Unified Threat Management appliances: CVE-2022-0386 and CVE-2022-0652.
Sophos is a UK-based cybersecurity and network security software developer, focused mostly on security software for organizations with up to 5,000 employees. It was founded in 1985, but pivoted towards cybersecurity in the late 1990s.
In 2019, it was acquired by US-based private equity firm, Thoma Bravo, for approximately $3.9 billion ($7.40 per share).
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.