VulnCheck security researchers have found that many network administrators worldwide have still not updated their Sophos Firewall. They counted around 88,000 firewalls reachable from the internet, thousands of which are exposed to a critical vulnerability.
The user portal of about 78,000 firewalls can be reached from the internet, and for 10,000 firewalls even the web admin login is exposed. In SFOS version 18.0 MR3, however, the firewall actively warns about this in the admin backend.
A hotfix has been available since September 2022 and security patches since December. The researchers advise administrators to check not only the version status but also the log files for signs of compromise.
We have already reported in the past on security vulnerabilities in the Sophos Firewall (see: Sophos SFOS SQL injection vulnerability closed) and on the measures we recommend to make it less easily reachable from the internet.
The vulnerability, known as CVE-2022-3236, allows hackers to execute malicious code and is rated extremely critical. When Sophos announced the vulnerability in September last year, the company warned that it had already been exploited as a zero-day. The company urged its customers to install a hotfix and later a full patch to avoid infection.
“Over 99% of Sophos firewalls accessible via the internet have not been updated to versions that contain the official patch for CVE-2022-3236,” writes VulnCheck researcher Jacob Baines. However, about 93% of systems are using versions for which a hotfix is available, and the default firewall behaviour is to automatically download and apply hotfixes (unless disabled by an administrator). It is likely that almost all firewalls that are eligible for a hotfix have received a hotfix.
This means that more than 4,000 firewalls (or about 6 per cent of the Sophos firewalls exposed to the internet) are still running versions that have not received a hotfix and are therefore vulnerable to attack. That equates to about 6 per cent of all Sophos firewalls, said security firm VulnCheck, citing figures from a Shodan search.