Project Hyphae

Sophos firewalls require an URGENT new flame shield.


Sophos recently announced that it has released a hotfix for an urgent flaw in its firewalls. Tracked as CVE-2022-1040, the vulnerability allows attackers to bypass user authentication via the firewall’s User Portal or WebAdmin interface, and then execute arbitrary code. The flaw has been assigned a severity rating of 9.8 out of 10.

Sophos declared that it “has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region.” Now that the flaw has been widely publicized, expect that list of targets to expand.

The vendor’s hotfix should be applied automatically to all vulnerable devices that have the “Allow automatic installation of hotfixes” feature enabled, which is the default setting. However, organizations that have disabled the feature or are running end-of-life hardware will need to upgrade manually to patch the security hole.

You can verify whether the hotfix for CVE-2022-1040 has been applied to your Sophos firewall by following the directions laid out here: https://support.sophos.com/support/s/article/KB-000043853?language=en_US


