Sophos, a cybersecurity firm, issued a warning on Monday that a recently patched critical security vulnerability in its firewall product is currently being actively exploited in real-world attacks.
The security vulnerability, tracked as CVE-2022-1040, has a CVSS score of 9.8 out of 10 and affects Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It is an authentication bypass vulnerability in the User Portal and Webadmin interfaces that, if exploited, allows a remote attacker to execute arbitrary code.
Sophos noted in a revised advisory published on Monday: “Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region. We have informed each of these organizations directly.”
The bug has been fixed in a hotfix that is installed automatically for customers who have enabled the “Allow automatic installation of hotfixes” setting. As a workaround, users should disable WAN access to the User Portal and Webadmin interfaces, according to Sophos.
Furthermore, due to the severity of the issue, the British security software company has also shipped the fix for the end-of-life, unsupported versions 17.5 MR12 through MR15, 18.0 MR3 and MR4, and 18.5 GA.
Sophos said: “Users of older versions of Sophos Firewall are required to upgrade to receive the latest protections and this fix.”
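For a defender with more than a handful of firewalls, the practical first step is an inventory pass: which devices report a version at or below the last affected release (18.5 MR3, i.e. 18.5.3) and therefore need either the automatic hotfix confirmed or an upgrade. The script below is an added example, not Sophos code or anything from the advisory. It parses the version strings in the forms the advisory uses (“18.5 MR3”, “18.5.3”, “18.5 GA”) and flags affected entries in a constructed inventory. It assumes (hypothetically) that a device reports only its base version, so a flagged device is a candidate to check for the hotfix, not a confirmed-vulnerable one.

```python
"""Triage helper: flag Sophos Firewall versions affected by CVE-2022-1040.

Added example, not vendor code. Version strings and inventory are constructed.
"""
import re
from typing import List, Optional, Tuple

# Last affected release named in the advisory: 18.5 MR3 (18.5.3).
# Everything at or below it, including the older 17.5 and 18.0 lines, is affected
# until the hotfix is applied.
AFFECTED_UPTO = (18, 5, 3)

# Accepts "18.5 MR3", "18.5.3", "18.5 GA" and a bare "18.5".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:MR\s*(\d+)|GA)?\s*$", re.IGNORECASE
)

# Constructed sample inventory of (hostname, reported version).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("fw-hq", "18.5 MR4"),
    ("fw-branch-1", "18.5 MR3"),
    ("fw-lab", "17.5 MR14"),
    ("fw-dc", "19.0 GA"),
    ("fw-unknown", "n/a"),
]


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn '18.5 MR3', '18.5.3' or '18.5 GA' into (major, minor, maintenance).

    GA and a bare 'X.Y' both map to maintenance release 0. Returns None for
    strings that do not look like a Sophos Firewall version.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, mr = m.groups()
    if patch is not None:
        level = int(patch)
    elif mr is not None:
        level = int(mr)
    else:
        level = 0
    return int(major), int(minor), level


def is_affected(text: str) -> Optional[bool]:
    """True if the reported version is <= 18.5 MR3; None if unparseable.

    Assumption: the hotfix does not change the reported base version, so a
    True result means 'verify the hotfix or upgrade', not 'confirmed vulnerable'.
    """
    v = parse_version(text)
    if v is None:
        return None
    return v <= AFFECTED_UPTO


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return sorted hostnames whose version is in the affected range.

    Entries with unparseable versions are skipped here; list them separately
    with unknown_versions() so they are not silently dropped.
    """
    return sorted(host for host, ver in inventory if is_affected(ver) is True)


def unknown_versions(inventory: List[Tuple[str, str]]) -> List[str]:
    """Hosts whose version string could not be parsed and need a manual look."""
    return sorted(host for host, ver in inventory if parse_version(ver) is None)


if __name__ == "__main__":
    print("Needs hotfix check or upgrade:", triage(SAMPLE_INVENTORY))
    print("Version unknown:", unknown_versions(SAMPLE_INVENTORY))
```

Devices on the end-of-life branches (17.5, 18.0, 18.5 GA) are caught by the same comparison because every such version sorts below 18.5.3; the advisory's point that those branches still received the fix does not change the triage result, only the remediation path.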