More than 4,400 Sophos firewall servers remain vulnerable to critical exploits
https://arstechnica.com/information-technology/2023/01/more-than-4400-sophos-firewall-servers-remain-vulnerable-to-critical-exploits/
More than 4,400 Internet-exposed servers are running versions of the Sophos Firewall that’s vulnerable to a critical exploit that allows hackers to execute malicious code, a researcher has warned.
CVE-2022-3236 is a code injection vulnerability allowing remote code execution in the User Portal and Webadmin of Sophos Firewalls. It carries a severity rating of 9.8 out of 10. When Sophos disclosed the vulnerability last September, the company warned it had been exploited in the wild as a zero-day. The security company urged customers to install a hotfix and, later on, a full-blown patch to prevent infection.
More than 4,400 Sophos firewall servers remain vulnerable to critical exploits
Jan 18, 2023, 2:17am UTC
https://arstechnica.com/information-technology/2023/01/more-than-4400-sophos-firewall-servers-remain-vulnerable-to-critical-exploits/
> More than 4,400 Internet-exposed servers are running versions of the Sophos Firewall that’s vulnerable to a critical exploit that allows hackers to execute malicious code, a researcher has warned.
> CVE-2022-3236 is a code injection vulnerability allowing remote code execution in the User Portal and Webadmin of Sophos Firewalls. It carries a severity rating of 9.8 out of 10. When Sophos disclosed the vulnerability last September, the company warned it had been exploited in the wild as a zero-day. The security company urged customers to install a hotfix and, later on, a full-blown patch to prevent infection.