Sophos has informed customers that Sophos Firewall version 19.5, whose general availability was announced in mid-November, addresses multiple vulnerabilities, including those that can result in the execution of arbitrary code.
The most recent Sophos Firewall version also includes performance enhancements and patches for seven vulnerabilities. One of the vulnerabilities fixed in version 19.5 is CVE-2022-3236, which has a ‘critical’ severity rating, according to a security advisory published on December 1. This flaw, though, is not brand-new.
The cybersecurity company first let its clients know about itself in September, when it issued a warning that CVE-2022-3236 had been used in attacks against a select group of organizations, mostly in South Asia.