Sophos Firewalls, Critical Patch Released.

A critical security hole in the Sophos Firewall has been patched, but not before attackers found and exploited it.

The vulnerability, identified as CVE20223236, exists in the User Gateway and Webadmin components of the firewall in version 19.0 and earlier. Although it did not receive a CVSS severity score, Sophos rated it “severe” and noted that it allows remote code execution.
“Sophos observed this vulnerability is being used to target a specific subset of organizations, primarily in the South Asia region,” the vendor noted in an advisory this month. “We have notified each of these organizations directly.”

The UK security software vendor last week released patches for supported versions (v17.0 to v19.0) and also offers an alternative, including disabling WAN access to User Gateway and Webadmin. Sophos also said it is continuing to investigate and will provide more details at a later date.

On Tuesday, the security vendors blogs, which regularly detail vulnerabilities and exploits affecting other software vendors, failed to mention the fatal firewall bug itself.
However, other software manufacturers and security researchers have weighed in on the Sophos bug, with warnings that there is a “very strong” potential for mass exploitation.

If you are looking for a strategic partner to share the load in fighting attacks on your infrastructure book a consultation today.

http://www.itambulance.co.uk