A significant security vulnerability has been uncovered in the Sophos Firewall User Portal and Webadmin that could allow remote attackers to execute malicious code.
The flaw lets an attacker inject code into the appliance, which can lead to complete system takeover and data breaches.
Sophos has responded by releasing updated firewall versions that detect and block exploitation attempts aimed at older releases. This Remote Code Execution (RCE) vulnerability is rated Critical (CVSS 9.8).
According to Sophos, devices vulnerable to this exploit are running end-of-life (EOL) firmware. A patch has been promptly developed for certain EOL firmware versions and automatically applied to 99% of affected organizations with “accept hotfix” enabled.
Sophos Firewall v19.0 MR1 (19.0.1) and earlier, released in 2022, have reached end-of-life (EOL), so every vulnerable version is an EOL release. These devices no longer receive updates or support, which leaves them exposed to ongoing threats.
It is noteworthy that attackers have been targeting firmware and end-of-life (EOL) devices from a range of technology vendors. Sophos has reported in-the-wild exploitation of this specific vulnerability, mainly against a small group of companies, most of them in South Asia.
To reduce exposure, organizations should protect the User Portal and Webadmin, above all by not exposing them to the Wide Area Network (WAN). For remote access and management, use a VPN or Sophos Central, with Sophos Central being the preferred option. Sophos advises disabling WAN access to the User Portal and Webadmin, in line with its device-access best practices.
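The two practical takeaways above are an inventory question (is a firewall at or below the 19.0 MR1 / 19.0.1 cutoff?) and an exposure question (do the User Portal and Webadmin still answer on the WAN address?). The following Python script is an added example, not Sophos code and not part of the article: it parses Sophos firmware strings in either of the two notations the article uses (`19.0 MR1` and `19.0.1`), flags anything in the affected range, and offers a connect check you can run from outside your own network against your own firewall's WAN address. The default ports 443 (User Portal) and 4444 (Webadmin) are assumptions based on Sophos Firewall defaults, not values stated in the article, and the sample inventory is constructed.

```python
"""
Added example (not Sophos code): flag Sophos Firewall firmware versions at or
below the 19.0 MR1 (19.0.1) cutoff named in the advisory, and optionally check
whether the User Portal / Webadmin ports answer on the firewall's WAN address.
Ports 443 and 4444 are assumed Sophos defaults, not values from the advisory.
"""
import re
import socket
from typing import Iterable, List, Tuple

# Last vulnerable release named in the advisory: v19.0 MR1, i.e. 19.0.1.
LAST_AFFECTED = (19, 0, 1)

# Assumed default listener ports for the two exposed components.
USER_PORTAL_PORT = 443
WEBADMIN_PORT = 4444


def parse_sfos_version(text: str) -> Tuple[int, int, int]:
    """Turn strings such as 'v19.0 MR1', '19.0.1' or 'SFOS 19.5.2 MR-2-Build624'
    into a (major, minor, patch) tuple. Sophos writes maintenance releases both
    ways: '19.0 MR1' and '19.0.1' name the same build, so when only major.minor
    is present the MR number supplies the patch level (0 if there is none)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    if m.group(3) is not None:
        patch = int(m.group(3))
    else:
        mr = re.search(r"MR[- ]?(\d+)", text, re.IGNORECASE)
        patch = int(mr.group(1)) if mr else 0
    return major, minor, patch


def is_affected(version_text: str) -> bool:
    """True for 19.0 MR1 (19.0.1) and every earlier release."""
    return parse_sfos_version(version_text) <= LAST_AFFECTED


def reachable_ports(host: str,
                    ports: Iterable[int] = (USER_PORTAL_PORT, WEBADMIN_PORT),
                    timeout: float = 2.0) -> List[int]:
    """Return the subset of `ports` that accept a TCP connection on `host`.
    Run from outside your network against your own firewall's WAN address:
    any port returned means that portal is still reachable from the WAN and
    the device-access rules should be tightened."""
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:
            pass  # refused, filtered or timed out: not reachable
    return open_ports


def triage(inventory: dict) -> dict:
    """Map firewall name -> firmware string onto firewall name -> verdict."""
    return {
        name: ("AFFECTED/EOL - upgrade to a supported release"
               if is_affected(firmware) else "not in affected range")
        for name, firmware in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory; these are not real devices.
    sample = {
        "fw-branch-01": "SFOS 19.0.1 MR-1-Build365",
        "fw-branch-02": "v18.5 MR4",
        "fw-hq-01": "SFOS 19.5.3 MR-3",
    }
    for name, verdict in triage(sample).items():
        print(f"{name}: {verdict}")
    # Exposure check against a placeholder WAN address; replace with your own.
    # print(reachable_ports("203.0.113.10"))
```

The version parser is the part worth keeping: firmware strings pulled from Sophos Central or the CLI mix the `MR` and dotted notations, and a naive string comparison would misorder them. The connect check is deliberately a plain TCP connect with a short timeout rather than an HTTP probe, so a positive result only tells you the listener is reachable from the WAN, which is exactly the condition the advisory says to remove.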