Critical Vulnerability found in Sophos Firewall – CVE-2022-3236

Alert Severity: Critical

Issue Date: 2022-09-23

CVE(s): CVE-2022-3236

CVSS: 9.8

Impacted Products and Versions: Sophos Firewall version < v19.0 MR1

Description:

Sophos has released an advisory to address a code injection vulnerability that allows remote code execution in the user portal and web admin of Sophos Firewall. The vulnerability's impact has been primarily in South Asia. A threat actor can exploit this vulnerability to inject remote code into the web admin of the firewall system.

Mitigation:

Sophos has published an advisory to mitigate this vulnerability:

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
