www.helpnetsecurity.com
52.40.14.155
Public Scan
URL:
https://www.helpnetsecurity.com/2023/12/13/eol-sophos-firewalls-cve-2022-3236/
Submission: On December 13 via api from TR — Scanned from DE
Form analysis
1 form found in the DOM (POST)
Text Content
EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)

Zeljka Zorz, Editor-in-Chief, Help Net Security
December 13, 2023

Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices.

“In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall,” the company shared on Monday by updating the original security advisory.

“No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. We immediately developed a patch for certain EOL firmware versions, which was automatically applied to the 99% of affected organizations that have ‘accept hotfix’ turned on. All the vulnerable devices are running end-of-life (EOL) firmware.”

Fixes and workarounds

CVE-2022-3236 is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall that allows for remote code execution on the targeted vulnerable installation.

Sophos has now released hotfixes to fix CVE-2022-3236 on EOL Sophos firewalls running the following firmware versions:

* v19.0 GA, MR1, and MR1-1
* v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
* v17.0 MR10

Admins of EOL devices that don’t have the “accept hotfix” option turned on must download and apply the hotfix manually. (The option is enabled by default, but can be disabled.)

If they can’t install the hotfixes, customers can disable WAN access to the User Portal and Webadmin and switch to using VPN and/or Sophos Central for remote access and management.

Customers can verify whether the hotfix has been installed on their devices by following the steps outlined here.

Just how many internet-facing, vulnerable EOL devices are still out there is difficult to say. Earlier this year, VulnCheck found over 4,000 after scanning the internet, and provided a set of indicators that can point to exploitation attempts.