Sophos fixed a critical flaw in its Sophos Firewall version 19.5

Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues.

Sophos has released security patches to address seven vulnerabilities in Sophos Firewall version 19.5, including some arbitrary code execution bugs.

The most severe issue addressed by the security vendor is a critical code injection vulnerability tracked as CVE-2022-3236.

“A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin.” reads the advisory.

In September, Sophos warned of this critical code injection security vulnerability (CVE-2022-3236) affecting its Firewall product which is being exploited in the wild. Sophos confirmed that this vulnerability was being used to target a small set of specific organizations, primarily in the South Asia region.

Sophos Firewall User Portal interface

The security vendor also addressed three vulnerabilities rated as ‘high’ severity; below is the list of these issues:

  • CVE-2022-3226 – An OS command injection vulnerability allowing admins to execute code via SSL VPN configuration uploads was discovered by Sophos during internal security testing.
  • CVE-2022-3713 – A code injection vulnerability allowing adjacent attackers to execute code in the Wifi controller was discovered by Sophos during internal security testing. It requires attackers to be connected to an interface with the Wireless Protection service enabled.
  • CVE-2022-3696 – A post-auth code injection vulnerability allowing admins to execute code in Webadmin was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program.

The company also fixed two flaws, rated as medium severity, a stored XSS vulnerability (CVE-2022-3709) and a post-auth read-only SQL injection flaw (CVE-2022-3711).

The seventh issue the company addresses is a post-auth read-only SQL injection vulnerability tracked as CVE-2022-3710 and rated low severity.

Source: Security Affairs, Sophos