A critical 0-day security vulnerability that affects Sophos Firewall solutions has been identified and is known to be actively exploited by threat actors.
The remote code execution (RCE) vulnerability, tracked as CVE-2022-3236, exists due to incorrect login validation in the User Portal and WebAdmin interfaces of Sophos Firewall solutions. As a result, an unauthenticated, remote threat actor can execute arbitrary code on the target system via a specially crafted request.
The vulnerability affects all versions of Sophos Firewall from 17.0.0 (inclusive) to 19.0.1. Sophos has released updates that fix the vulnerability. To reduce exposure to attacks that exploit it, users should minimize the internet exposure of the User Portal and WebAdmin interfaces and apply the published updates immediately.