On Friday, March 25, Sophos disclosed a critically-rated vulnerability impacting Sophos firewall version 18.5 MR3 (18.5.3) and earlier. This vulnerability is rated 9.8 out of 10 on the CVSS v3 scoring system and is tracked as CVE-2022-1040. Sophos has released a patch to fix the issue.
The vulnerability allows for remote code execution (RCE): a malicious actor who can remotely reach the firewall’s User Portal or Webadmin interface can bypass authentication and execute arbitrary code. The vulnerability was reported to Sophos by an unnamed external security researcher via the company’s bug bounty program.
According to Sophos’ security advisory, “There is no action required for Sophos Firewall customers with the ‘Allow automatic installation of hotfixes’ feature enabled. Enabled is the default setting.”
Per its device best practices, Sophos recommends disabling WAN access to the user portal and Webadmin, and either securing it behind a VPN or using Sophos Central for remote access and management.
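As an added illustration (not Sophos or Nuspire code), the helper below turns the advisory's scoping into a triage check: it parses the version strings a firewall reports, flags builds at or below 18.5 MR3 (18.5.3), and applies the two points above (automatic hotfixes cover affected builds; User Portal/Webadmin should not be reachable from WAN). The version string shapes and the inventory rows are constructed assumptions for the example.

```python
import re

# Last affected build per the advisory: 18.5 MR3, i.e. 18.5.3.
LAST_AFFECTED = (18, 5, 3)

# Assumed shapes of reported versions (constructed for this example):
#   "18.5 MR3", "18.5.3", "SFOS 18.5.3 MR-3-Build408", "SFOS 19.0.0 GA-Build317"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\s*MR-?(\d+))?", re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Return (major, minor, maintenance) parsed from a version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no firewall version found in {text!r}")
    major, minor, patch, mr = m.groups()
    # "18.5 MR3" carries the maintenance number in the MR suffix,
    # "18.5.3" carries it as the third dotted component; prefer the latter.
    maint = patch if patch is not None else mr
    return (int(major), int(minor), int(maint or 0))


def is_affected_by_cve_2022_1040(text: str) -> bool:
    """True for 18.5 MR3 (18.5.3) and every earlier build."""
    return parse_version(text) <= LAST_AFFECTED


def triage(inventory: list) -> dict:
    """Map hostname -> findings for constructed rows of
    {hostname, version, auto_hotfix, wan_exposed}."""
    findings = {}
    for dev in inventory:
        notes = []
        if is_affected_by_cve_2022_1040(dev["version"]):
            if dev["auto_hotfix"]:
                notes.append("affected build; automatic hotfix installation enabled (no action per advisory)")
            else:
                notes.append("affected build; apply the Sophos hotfix or upgrade")
        if dev["wan_exposed"]:
            notes.append("User Portal/Webadmin reachable from WAN; restrict to VPN or Sophos Central")
        if notes:
            findings[dev["hostname"]] = notes
    return findings


if __name__ == "__main__":
    sample = [  # constructed inventory, not real devices
        {"hostname": "fw-a", "version": "SFOS 18.5.3 MR-3-Build408", "auto_hotfix": False, "wan_exposed": True},
        {"hostname": "fw-b", "version": "18.5 MR4", "auto_hotfix": True, "wan_exposed": False},
    ]
    for host, notes in triage(sample).items():
        print(host, "->", "; ".join(notes))
```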
Nuspire is not affected by this vulnerability.
Nuspire recommends you take the following actions: