Cyber security stalwart Sophos has patched a significant flaw in its firewall software that might allow remote code execution. The issue, identified as CVE-2022-1040, is an authentication-bypass vulnerability in the Sophos Firewall’s User Portal and Webadmin.
The issue affects appliance versions 18.5 MR3 (18.5.3) and older. It was classified as “critical” by Sophos, which did not disclose technical specifics or a CVSS score.
The company issued a patch; however, users who do not have automatic updates enabled will have to update their appliances manually. The problem was reported via Sophos’ bug bounty program by an unknown independent researcher.
Read More: https://threatpost.com/critical-sophos-security-bug-rce-firewalls/179127/