Skip to main content

Sophos Release Security Update for Sophos Firewall

Security update addresses one Critical vulnerability, three High severity vulnerabilities and one Medium severity vulnerability.

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Security update addresses one Critical vulnerability, three High severity vulnerabilities and one Medium severity vulnerability.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Sophos has released a security update to address five vulnerabilities affecting the Sophos Firewall. The critical vulnerability known as CVE-2022-1040 is related to remote code execution. The three High vulnerabilities known as CVE-2021-25268, CVE-2022-1292 and CVE-2022-1807 are related to privilege escalation and command injection. A remote, unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system. 


Remediation advice

Affected organisations are encouraged to review the Sophos Security Update and upgrade the Sophos Firewall to the latest version from MySophos or when prompted in the console. 



Last edited: 15 September 2022 4:25 pm