A critical vulnerability in Sophos Firewall allows remote code execution

Source: https://cobaltstrike.net/2022/03/28/a-critical-vulnerability-in-sophos-firewall-allows-you-to-execute-remote-code/



Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote execution of arbitrary code. The authentication bypass vulnerability (CVE-2022-1040) resides in the user portal and the web administration interface of the Sophos firewall.

The problem affects Sophos Firewall versions 18.5 MR3 (18.5.3) and older and is rated 9.8 out of a maximum of 10 on the CVSS scale. Exploitation allows a remote attacker who can reach the firewall user portal or the web administration interface to bypass authentication and execute arbitrary code.

“For Sophos Firewall users with the ‘Allow automatic Patch installation’ feature enabled, no action is required. This setting is enabled by default,” Sophos explained.

It is noteworthy that some older versions and expired products may need to be activated manually. To prevent exploitation of the vulnerability, the company recommends that customers disable access from the internet to the user portal and the web administration interface, and instead use a VPN and/or Sophos Central for remote access and management.
