About CVE-2022-3236
Vulnerability Name | Sophos Firewall Code Injection Vulnerability (CVE-2022-3236) |
---|---|
Attack Type | Code Injection |
Time Discovered | 2022-09-27 |
Updated Time | 2022-09-27 |
CVE ID | CVE-2022-3236 |
Summary
Recently, the Sangfor security team has detected a vulnerability security notice released by Sophos. The notice discloses a code injection vulnerability in Sophos Firewall. Vulnerability number: CVE-2022-3236, threat level: high risk. The vulnerability originates from code problems in the user portal and Webadmin, and attackers can exploit this vulnerability to construct malicious data execution remote code injection attacks, which eventually lead to remote code execution.
Affected Versions
Sophos Firewall≤ v19.0 MR1 (19.0.1)
Solution
- At present, the latest official version has been released, and affected users are advised to upgrade to the latest version in time. The download link is as follows: https://www.sophos.com/en-us/support/downloads/firewall-installers
Related Links
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce