Sophos recently addressed a critical vulnerability CVE-2022-3236 involving end-of-life (EOL) firewalls that had been actively exploited. The vulnerability prompted Sophos to release patches for unsupported firewalls after reports of successful attacks on these systems surfaced. Read this Cybersecurity Threat Advisory to learn how to protect the affected firewalls.
What is the threat?
The threat involves a remote code execution (RCE) vulnerability affecting Sophos firewalls that have reached their end-of-life stage. Exploiting this vulnerability allows attackers to execute arbitrary code on the targeted system, potentially leading to unauthorized access, data compromise, or further exploitation. The attack vector involves leveraging the vulnerability in the User Portal and Webadmin of Sophos Firewall. This promotes Sophos to backport a fix to mitigate the risk of successful exploitation.
Why is it noteworthy?
The need for Sophos to release patches for unsupported systems underscores the severity of the vulnerability and the potential impact on security if not promptly addressed. The incident highlights the importance of keeping security systems up to date to mitigate the risk of successful cyber-attacks.
What is the exposure or risk?
Organizations using Sophos firewalls that have reached their end-of-life stages are vulnerable to remote code execution. The exploitation of EOL firewalls implies that threat actors are actively targeting outdated security infrastructures, putting organizations at greater risk if these vulnerabilities are not promptly addressed. The potential impact includes compromised sensitive data, operational disruptions, and the risk of further lateral movement within a network.
What are the recommendations?
Barracuda MSP recommends the following actions to protect your Sophos firewall against this vulnerability:
- Ensure that all Sophos firewalls receive the latest patches promptly, even if they have reached their end-of-life stage.
- Consider upgrading to the latest supported versions of Sophos firewalls or alternative solutions to maintain robust security measures.
- Conduct regular security audits to identify and address vulnerabilities within the organization’s network infrastructure.
- Implement network segmentation to limit the lateral movement of attackers in the event of a successful compromise.
- Maintain heightened monitoring and security measures for devices that have reached their end-of-life, as they may become prime targets for exploitation.
References
For more in-depth information about the recommendations, please visit the following links:
- https://www.securityweek.com/sophos-patches-eol-firewalls-against-exploited-vulnerability/
- https://www.bleepingcomputer.com/news/security/sophos-backports-rce-fix-after-attacks-on-unsupported-firewalls/
- https://nordlayer.com/learn/firewall/threats-and-vulnerabilities/
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.
