[German]A few hours ago, information came to my attention on Twitter that the RCE vulnerability CVE-2022-3236 in Sophos XG Firewalls is under massive attack. I had reported about the vulnerability in September 2022 and recommended patching it immediately. Here are some notes on the recent warning and a reference to the blog post in question.
Advertising
Attacks on CVE-2022-3236
I came across the issue on Twitter via this tweet. @ToolsWatch warns emphatically that attackers are currently massively targeting and exploiting the RCE vulnerability CVE-2022-3236 in Sophos Firewall.
However, I cannot currently assess how broad this scanning and attack wave really is.
Vulnerability closed since Sept. 2022
Sophos points out in its response to the above tweet that the vulnerability in question has long since been closed. I had reported on the vulnerability in the blog post Sophos XG Firewall: RCE vulnerability (CVE-2022-3236) on Sept. 26, 2022. The post was in response to an alert from Sophos, who warned of a remote code execution vulnerability in their own firewall. There was a code injection vulnerability (CVE-2022-3236) in the Sophos XG Firewall user portal and web admin.
This vulnerability has already been exploited in a limited number of cases in Asia, according to Sophos. An update to close the vulnerability has been available from Sophos since that time. However, anyone who has not yet run an update on affected installations could now be infected. Therefore, the support article from Sophos, which I linked in the blog post Sophos XG Firewall: RCE vulnerability (CVE-2022-3236), should be consulted and the firewall installation should be checked for the update status as well as a possible infection.
Advertising
