Actively exploited vulnerability

CVE-2022-1040: Sophos Firewall Authentication Bypass Vulnerability

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

CISA KEV source 31 Mar 2022 added 21 Apr 2022 remediation due

Affected product

Sophos · Firewall

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2022-1040.

Bleeping Computer28 Mar 2022

Critical Sophos Firewall vulnerability allows remote code execution

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall. [...]