A critical security flaw has been discovered in the Sophos Firewall User Portal and Webadmin, allowing hackers to execute malicious code remotely.
The vulnerability enables attackers to inject harmful code into the software, which if exploited, can result in a complete takeover of the system and data theft.
Sophos updated its firewalls to a new version in order to detect new exploit attempts against the older version. This RCE vulnerability is rated Critical, with a score of 9.8.
Sophos said that “vulnerable devices are running end-of-life (EOL) firmware. We immediately developed a patch for certain EOL firmware versions, which was automatically applied to the 99% of affected organizations that have ‘accept hotfix’ turned on”.
Sophos Firewall v19.0 MR1 (19.0.1) and older, which was released in 2022, is now outdated. As a result, the firmware on every vulnerable device has reached end-of-life (EOL).
This means that these devices will no longer receive updates or support, leaving them open to potential security risks and vulnerabilities.
It is important to note that attackers have been actively seeking out end-of-life (EOL) firmware and devices from various technology vendors.
This particular vulnerability was exploited to target a specific group of companies, mostly located in South Asia, according to Sophos.
Web admin Portals
It is crucial for organizations to secure their User Portal and Webadmin by ensuring they are not exposed to the Wide Area Network (WAN).
For remote access and management, use either a VPN or Sophos Central (the recommended choice). In line with device access best practices, Sophos recommends disabling WAN access to the User Portal and Webadmin.
Hotfix installation is enabled by default. Follow these steps to confirm the setting:
Go to Backup & firmware > Firmware > Hotfix.
Turn on Allow automatic installation of hotfixes.
Click Apply.
If hotfixes are enabled, but you are not getting them, check the connectivity requirements for the Up2Date component on Sophos Firewall: Default services.
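The advice above boils down to three checks per device: is the firmware at or below v19.0 MR1 (19.0.1), is automatic hotfix installation on, and is the User Portal or Webadmin reachable from the WAN. The following script is an added example, not code from the article or from Sophos; it runs those checks over a constructed inventory. It assumes firmware versions are written either as "19.0.1" or as "v19.0 MR1", and treats "MRn" as patch level n, which is how the article equates the two forms. The inventory fields and record layout are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Newest firmware line the article reports as end-of-life: v19.0 MR1 == 19.0.1.
EOL_MAX_VERSION = (19, 0, 1)

# Accepts "19.0.1", "v19.0 MR1", "19.5 MR3", "20.0" (assumed version spellings).
_VERSION_RE = re.compile(
    r"^v?(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\.(?P<patch>\d+)|\s*MR(?P<mr>\d+))?$",
    re.IGNORECASE,
)


def parse_firmware_version(text: str) -> Tuple[int, int, int]:
    """Normalise a firmware string to a comparable (major, minor, patch) tuple.

    'MRn' is mapped to patch level n, matching the article's 'v19.0 MR1 (19.0.1)'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    patch = m.group("patch") or m.group("mr") or "0"
    return (int(m.group("major")), int(m.group("minor")), int(patch))


def is_eol_firmware(text: str) -> bool:
    """True when the firmware is v19.0 MR1 (19.0.1) or older."""
    return parse_firmware_version(text) <= EOL_MAX_VERSION


@dataclass
class FirewallRecord:
    # Hypothetical inventory record; field names are assumptions.
    name: str
    firmware: str
    auto_hotfix: bool        # "Allow automatic installation of hotfixes" setting
    wan_admin_access: bool   # User Portal / Webadmin reachable from the WAN


def assess(record: FirewallRecord) -> List[str]:
    """Return the findings a defender should act on for one device."""
    findings = []
    if is_eol_firmware(record.firmware):
        findings.append("EOL firmware (<= v19.0 MR1): plan an upgrade")
    if not record.auto_hotfix:
        findings.append("automatic hotfix installation is disabled")
    if record.wan_admin_access:
        findings.append(
            "User Portal/Webadmin exposed to WAN: restrict to VPN or Sophos Central"
        )
    return findings


def assess_inventory(records: List[FirewallRecord]) -> dict:
    """Map device name -> findings, only for devices that have any."""
    return {r.name: f for r in records if (f := assess(r))}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    inventory = [
        FirewallRecord("fw-branch-1", "v19.0 MR1", True, True),
        FirewallRecord("fw-branch-2", "18.5 MR4", False, False),
        FirewallRecord("fw-hq", "19.5 MR3", True, False),
    ]
    for name, findings in assess_inventory(inventory).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Devices that pass all three checks produce no output; the script is meant to be fed the firmware and access settings exported from an inventory system, with the field names adjusted to match.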
To verify the hotfix
It is crucial for organizations to stay vigilant and take the necessary measures to protect their systems and data from potential attacks.
The post Sophos Firewall Code Injection Flaw: Let Attackers Execute Remote Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.