More than 4,400 Sophos firewall servers remain vulnerable to critical exploits

By Staff
January 18, 2023
in Computer
More than 4,400 Internet-exposed servers are running versions of the Sophos Firewall that are vulnerable to a critical exploit allowing hackers to execute malicious code, a researcher has warned.

CVE-2022-3236 is a code injection vulnerability allowing remote code execution in the User Portal and Webadmin of Sophos Firewalls. It carries a severity rating of 9.8 out of 10. When Sophos disclosed the vulnerability last September, the company warned it had been exploited in the wild as a zero-day. The security company urged customers to install a hotfix and, later on, a full-blown patch to prevent infection.

According to recently published research, more than 4,400 servers running the Sophos firewall remain vulnerable. That accounts for about 6 percent of all Sophos firewalls, security firm VulnCheck said, citing figures from a search on Shodan.

“More than 99% of Internet-facing Sophos Firewalls haven’t upgraded to versions containing the official fix for CVE-2022-3236,” VulnCheck researcher Jacob Baines wrote. “But around 93% are running versions that are eligible for a hotfix, and the default behavior for the firewall is to automatically download and apply hotfixes (unless disabled by an administrator). It’s likely that almost all servers eligible for a hotfix received one, although mistakes do happen. That still leaves more than 4,000 firewalls (or about 6% of Internet-facing Sophos Firewalls) running versions that didn’t receive a hotfix and are therefore vulnerable.”


The researcher said he was able to create a working exploit for the vulnerability based on technical descriptions in this advisory from the Zero Day Initiative. The research’s implicit warning: Should exploit code become public, there’s no shortage of servers that could be infected.

Baines urged Sophos firewall users to ensure they’re patched. He also advised users of vulnerable servers to check for two indicators of possible compromise. The first is the log file at /logs/csc.log, and the second is /log/validationError.log. When either contains the _discriminator field in a login request, there likely was an attempt, successful or otherwise, to exploit the vulnerability, he said.
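To make the indicator check above concrete, here is an added example (not code from VulnCheck, Sophos or the article) that scans log lines for the _discriminator field and flags whether each hit also appears in a login request. The two log paths come from the article; the line layout of the constructed sample and the keywords used to recognise a login request are assumptions, since the page does not document the real csc.log or validationError.log format.

```python
"""Scan Sophos firewall log excerpts for the `_discriminator` indicator of a
possible CVE-2022-3236 exploitation attempt.

Added example. The sample log lines below are constructed for illustration and
are NOT the real format of csc.log / validationError.log.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List

# Paths named in the VulnCheck write-up, as reported in the article.
IOC_LOG_PATHS = ["/logs/csc.log", "/log/validationError.log"]

# The indicator: a `_discriminator` field showing up in a login request.
DISCRIMINATOR_RE = re.compile(r"_discriminator", re.IGNORECASE)
# Assumed keywords that mark a line as part of a login request (hypothetical).
LOGIN_RE = re.compile(r"login|webadmin|userportal", re.IGNORECASE)


@dataclass
class Hit:
    source: str            # which log the line came from
    line_no: int           # 1-based line number within that log
    line: str              # the matching line, newline stripped
    in_login_request: bool # True when the line also looks like a login request


def scan_lines(source: str, lines: Iterable[str]) -> List[Hit]:
    """Return every line mentioning `_discriminator`, marking whether it also
    looks like a login request (the condition Baines describes)."""
    hits: List[Hit] = []
    for n, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")
        if DISCRIMINATOR_RE.search(line):
            hits.append(Hit(source, n, line, bool(LOGIN_RE.search(line))))
    return hits


def scan_file(path: str) -> List[Hit]:
    """Scan one log file; a missing file yields no hits rather than an error."""
    p = Path(path)
    if not p.is_file():
        return []
    with p.open("r", errors="replace") as fh:
        return scan_lines(path, fh)


def scan_default_logs() -> List[Hit]:
    """Check both log files named in the article on the local host."""
    hits: List[Hit] = []
    for path in IOC_LOG_PATHS:
        hits.extend(scan_file(path))
    return hits


def is_suspicious(hits: List[Hit]) -> bool:
    """The indicator only counts when `_discriminator` sits in a login request."""
    return any(h.in_login_request for h in hits)


# Constructed sample lines (not real Sophos log output) to exercise the scanner.
SAMPLE_CSC_LOG = [
    "2023-01-17 10:02:11 INFO  login request from 198.51.100.7 user=admin",
    '2023-01-17 10:02:12 DEBUG login request body: {"username":"admin","_discriminator":"x"}',
    "2023-01-17 10:05:40 INFO  config reload completed",
    "2023-01-17 10:06:01 WARN  validation: unexpected field _discriminator in request",
]

if __name__ == "__main__":
    sample_hits = scan_lines("sample csc.log", SAMPLE_CSC_LOG)
    for hit in sample_hits:
        flag = "LOGIN-REQUEST" if hit.in_login_request else "other"
        print(f"{hit.source}:{hit.line_no} [{flag}] {hit.line}")
    print("suspicious:", is_suspicious(sample_hits))
    # On a real firewall shell you would call scan_default_logs() instead.
```

Run it on the firewall itself (or on copied log files, adjusting IOC_LOG_PATHS) and treat any LOGIN-REQUEST hit as a reason to investigate further; a hit outside a login request is reported too, but only so an analyst can decide whether the assumed login keywords missed the relevant context.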

The silver lining in the research is that mass exploitation isn’t likely because of a CAPTCHA that must be completed during authentication by web clients.

“The vulnerable code is only reached after the CAPTCHA is validated,” Baines wrote. “A failed CAPTCHA will result in the exploit failing. While not impossible, programmatically solving CAPTCHAs is a high hurdle for most attackers. Most Internet-facing Sophos Firewalls appear to have the login CAPTCHA enabled, which means, even at the most opportune times, this vulnerability was unlikely to have been successfully exploited at scale.”
