Sophos rolls out fix for Firewall flaw

Sophos has announced that it had managed to fix a security flaw that affected its Firewall users. Tracked as CVE-2022-1040, the British firm claimed that the authentication bypass vulnerability was discovered in the ‘User Portal’ and ‘Webadmin’ areas of Sophos Firewall and was ‘responsibly’ disclosed to the company.

The RCE is a kind of a cyber attack wherein the perpetrator can remotely execute commands on someone else’s computing device. Sophos, which is largely in the business of providing security software, on 25 March, had pointed out a critical RCE vulnerability impacting its Firewall versions 18.5 MR3 (18.5.3) which has been eventually been patched.

“It (the vulnerability) was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed,” as per Sophos’ security advisory, which added that there is no action required for Sophos Firewall customers with the allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.

For working around this vulnerability, Sophos maintained that its customers can protect themselves from external attackers by ensuring their ‘User Portal’ and ‘Webadmin’ are not exposed to WAN (Wide Area Network). The user can even disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management, as per the company’s advisory.

Incidentally, Sophos is the same company that came out with a report claiming that more than 60% of Indian mid-sized companies fell victim to a cyberattack in 2021 and most of which are linked to external sources. The findings further said that Indian firms with employee strength of between 1,000 and 2,000 didn’t immediately realise they had been impacted.