CVE-2022-3236 - Sophos Firewall Code Injection Vulnerability

CVE ID:CVE-2022-3236

Project:Sophos

Product:Firewall

Date Added:2022-09-23Due Date:2022-10-14

Vulnerability Name

Sophos Firewall Code Injection Vulnerability

Description

A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

https://nvd.nist.gov/vuln/detail/CVE-2022-3236

Related News Articles

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ CountriesNovember 26, 2024

Salt Typhoon hackers backdoor telcos with new GhostSpider malwareNovember 26, 2024

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber IntrusionsNovember 6, 2024

Top Security News

Top CVE List

Common Alerts

HighSession Fixation
InformationalPossible Username Enumeration
LowCookie without SameSite Attribute
HighSQL Injection - MsSQL
LowPrivate IP Disclosure
InformationalVerification Request Identified
MediumXSLT Injection
HighViewstate without MAC Signature (Unsure)
InformationalASP.NET ViewState Disclosure
MediumCORS Misconfiguration

Top CWE List