Skip to content
    March 28, 2022

    Patch for Sophos Firewall: (CVE-2022-1040)

    What Happened?

    An authentication bypass vulnerability (CVE-2022-1040) that allowed for remote code execution (RCE) was discovered in the User Portal and Webadmin of Sophos Firewall.

    This vulnerability affects organizations running versions v18.5 MR3 and older of Sophos Firewall.

    How Bad is This?

    CVE-2022-1040 was issued a 9.8 rating on the CVSS scale; in other words, critical severity. RCE is one of the most dangerous types of flaws because it allows an adversary to execute malicious code on vulnerable servers.

    What Should I Do?

    Sophos released hotfixes for the following versions, according to the company’s security advisory

    • Hotfixes for v17.0 MR10 EAL4+, v17.5 MR16 and MR17, v18.0 MR5(-1) and MR6, v18.5 MR1 and MR2, and v19.0 EAP published on March 23, 2022
    • Hotfixes for unsupported EOL versions v17.5 MR12 through MR15, and v18.0 MR3 and MR4 published on March 23, 2022
    • Hotfixes for unsupported EOL version v18.5 GA published on March 24, 2022
    • Hotfixes for v18.5 MR3 published on March 24, 2022
    • Fix included in v19.0 GA and v18.5 MR4 (18.5.4)

    These patches should automatically apply when users have enabled “Allow Automatic Installation of Hotfixes” on their systems. Otherwise, admins must manually update the firewall.

    In general, it’s important to ensure that the User Portal and Webadmin is not exposed to the internet. Admins should disable WAN access to both the User Portal and Webadmin by following Sophos’ instructions for device access best practices.

    Try Blumira For Free

    Blumira’s cloud SIEM detects and alerts you about suspicious behavior in your environment so that you can stop an incident early enough to prevent damage. Each finding we send is accompanied with a security playbook, giving you clear recommendations on how to remediate an attack. Our support team of security analysts is always available to answer questions on how to interpret a finding, or for other security help. 

    Blumira’s free SIEM is easy to deploy; IT and security teams can start seeing immediate security value for their organizations.

    Tag(s): Security Alerts , Blog , CVE

    Matthew Warner

    Matthew Warner is Chief Technology Officer (CTO) and co-founder of Blumira. Matt brings nearly two decades of IT and cybersecurity experience to his leadership position, and a genuine passion for cybersecurity education. Prior to founding Blumira, he was Director of Security Services at NetWorks Group, a managed...

    More from the blog

    View All Posts