Sophos, security software and hardware vendor published a patch update for its firewall product after it identified that hackers were exploiting a new critical zero-day vulnerability to target its users’ network.
The vulnerability tracked as CVE-2022-3236 was spotted in the User Portal and Webadmin of Sophos Firewall, its exploitation can lead to code execution (RCE).
“A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. The vulnerability has been fixed,” the company stated. “Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region. We have informed each of these organizations directly. Sophos will provide further details as we continue to investigate.”
The company says it has released hotfixes for Sophos Firewall versions affected by this security bug (v19.0 MR1 (19.0.1) and older) that will roll out automatically to all instances since automatic updates are enabled by defaul
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: