About CVE-2022-3236

Vulnerability Name: Sophos Firewall Code Injection Vulnerability (CVE-2022-3236)
Attack Type: Code Injection
Time Discovered: 2022-09-27
Updated Time: 2022-09-27
CVE ID: CVE-2022-3236

Summary

The Sangfor security team recently noted a security advisory released by Sophos that discloses a code injection vulnerability in Sophos Firewall. Vulnerability number: CVE-2022-3236; threat level: high risk. The vulnerability originates from a code flaw in the User Portal and Webadmin. An attacker can exploit it by sending crafted data to inject code, which eventually leads to remote code execution.

Affected Versions

Sophos Firewall ≤ v19.0 MR1 (19.0.1)

Solution

  1. The latest official version has been released, and affected users are advised to upgrade to it promptly. Download link: https://www.sophos.com/en-us/support/downloads/firewall-installers

Related Links

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
