Sophos Release Security Update for Sophos Firewall
Summary
Security update addresses one Critical vulnerability, three High severity vulnerabilities and one Medium severity vulnerability.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Sophos has released a security update to address five vulnerabilities affecting Sophos Firewall. The Critical vulnerability, CVE-2022-1040, is related to remote code execution. The three High severity vulnerabilities, CVE-2021-25268, CVE-2022-1292 and CVE-2022-1807, are related to privilege escalation and command injection. A remote, unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system.
Remediation advice
Affected organisations are encouraged to review the Sophos Security Update and upgrade Sophos Firewall to the latest version, either from MySophos or when prompted in the console.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 15 September 2022 4:25 pm