CVE-2022-3236 - Sophos Firewall Code Injection Vulnerability
Project:Sophos
Product:Firewall
Date Added:2022-09-23Due Date:2022-10-14
Vulnerability Name
Sophos Firewall Code Injection Vulnerability
Description
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
https://nvd.nist.gov/vuln/detail/CVE-2022-3236
Related News Articles
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ CountriesNovember 26, 2024
Salt Typhoon hackers backdoor telcos with new GhostSpider malwareNovember 26, 2024
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber IntrusionsNovember 6, 2024