Sophos firewalls require an URGENT new flame shield.

Sophos recently announced that it has released a hotfix for an urgent flaw in its firewalls. Tracked as CVE-2022-1040, the vulnerability allows attackers to bypass user authentication via the firewall’s User Portal or WebAdmin interface, and then execute arbitrary code. The flaw has been assigned a severity rating of 9.8 out of 10.

Sophos declared that it “has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region.” Now that the flaw has been widely publicized, expect that list of targets to expand.

The vendor’s hotfix should be applied automatically to all vulnerable devices that have the “Allow automatic installation of hotfixes” feature enabled, which is the default setting. However, organizations that have disabled the feature or are running end-of-life hardware will need to upgrade manually to patch the security hole.

You can verify whether the hotfix for CVE-2022-1040 has been applied to your Sophos firewall by following the directions laid out here: https://support.sophos.com/support/s/article/KB-000043853?language=en_US


