A new 0-day vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall.
Sophos stated that the vulnerability is being actively exploited against “a small set of specific organizations, primarily in the South Asia region”.
Earlier this year, another 0-day (CVE-2022-1040) was leveraged by attackers against a similar set of victims.

The vulnerable versions of Sophos Firewall are v19.0 MR1 (19.0.1) and older.
Hotfixes were published on September 21 and September 23, 2022. The hotfix should be installed automatically unless the administrator changed the default settings.

[Images: Sophos Web Portal; Sophos Web Login]

For further info refer to:

-JP