Cybersecurity company Sophos warned Monday that a critical security flaw in its firewall product is being exploited in real-world attacks.
The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. The vulnerability lies in the User Portal and Webadmin interfaces. If weaponized successfully, it allows remote attackers to execute arbitrary code.
“Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region,” the company noted in a revised advisory published Monday. “We have informed each of these organizations directly.”
The flaw was fixed in a hotfix, which is installed automatically for customers who have the “Allow automated installation of hotfixes” setting enabled. Until the hotfix is applied, Sophos recommends that customers disable WAN access to the User Portal and Webadmin interfaces as a temporary workaround.
Additionally, the British security software company has shipped the hotfix for end-of-life, unsupported versions 17.5 MR12 through MR15, 18.0 MR3 and MR4, and 18.5 GA, an indication of the severity of the issue.
“If you have an older version of Sophos Firewall, it is necessary to update to get the most recent protections and fix,” Sophos stated.
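A small triage helper, added here and not part of the Sophos advisory or this article, that normalises the version strings quoted above (the "MR"/"GA" suffix form or the dotted form) and flags anything in the 18.5 MR3-and-older range. The version numbers come from the article; the parsing rules are an assumption about Sophos' naming scheme, and because the fix shipped as a hotfix that does not change the version string, a hit means "confirm the hotfix is installed", not "unpatched".

```python
import re
from typing import Tuple

# From the advisory as quoted above: every release up to and including
# 18.5 MR3 (18.5.3) falls in the affected range.
LAST_AFFECTED = (18, 5, 3)

# Accepts "18.5 MR3", "18.5 GA", "17.5 MR12", a bare "18.5", or a dotted
# "18.5.3". The grammar is an assumption about Sophos' naming scheme.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+)|\s*(GA|MR\s*(\d+)))?\s*$", re.IGNORECASE
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Normalise a Sophos Firewall version string to (major, minor, maintenance).

    "GA" and a bare "major.minor" map to maintenance release 0; "MRn" and the
    third dotted component both map to n, so "18.5 MR3" == "18.5.3".
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    if m.group(3) is not None:        # dotted form, e.g. 18.5.3
        maintenance = int(m.group(3))
    elif m.group(5) is not None:      # "MRn" form, e.g. 18.5 MR3
        maintenance = int(m.group(5))
    else:                             # "GA" or no suffix at all
        maintenance = 0
    return (major, minor, maintenance)


def is_in_affected_range(text: str) -> bool:
    """True when the version is 18.5 MR3 or older.

    Version-only check: the fix is a hotfix that leaves the version string
    unchanged, so True means "verify hotfix status", not "vulnerable".
    """
    return parse_version(text) <= LAST_AFFECTED


if __name__ == "__main__":
    # Constructed sample inventory, including the EOL versions named above.
    for v in ["17.5 MR12", "18.0 MR4", "18.5 GA", "18.5 MR3", "18.5 MR4", "19.0 GA"]:
        print(f"{v:>10} -> {parse_version(v)}  affected range: {is_in_affected_range(v)}")
```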