Expert Warns That 6% of Sophos Firewalls That Face the Internet Are Vulnerable to Critical Exploit

According to a cybersecurity expert, hackers may have used a serious exploit to attack more than 4,400 systems running Sophos Firewall. According to the research, fraudsters may have exploited the situation by running malicious code on unpatched PCs. Mass exploitation is not expected to occur right now, though.

According to a security researcher, some servers running Sophos Firewall have not yet received a "hotfix." Sophos stated that a vulnerability with a severity level of 9.8 out of 10 existed back in September 2022. The team said that CVE-2022-3236 could be used to execute remote code on Sophos Firewalls.

Because vulnerabilities are present everywhere, the team urged customers to patch their devices immediately to stop these intrusions. Despite the warning, over 4,400 servers appear to have been impacted by the exploit, according to a blog post last week by VulnCheck. According to the security firm, the incident only affected about 6% of all Sophos firewalls. Even though they are small in number, certain servers may have been even more vulnerable if they are not kept up to date with patches.

Jacob Baines, a researcher at VulnCheck, claims that more than 99% of internet servers are still using outdated versions of Sophos Firewall. However, he continues, "around 93% are running versions that are eligible for a hotfix, and the firewall's normal function is to automatically download and apply hotfixes (unless deactivated by an administrator)." Despite the hotfix, over 4,000 internet-facing firewalls are still thought to be vulnerable, according to Baines.
Two Signs of a Possible Compromise

Baines is currently looking for a potential solution to fix the vulnerability issue for the unpatched systems, according to a Zero Day Initiative advisory. If their firewalls are still not patched, users should be alert to the two signs that could indicate that the servers have been compromised.

Looking at the login request reveals the obvious indication that the vulnerability has been exploited. Even if the hacker just tries to get in, the server has likely been abused if there is a _discriminator field there.

According to security experts, mass exploitation won't occur because authentication must be bypassed in order to carry out the large operation. This indicates that a failed CAPTCHA will undoubtedly result in the server being exploited. The CAPTCHA must be programmed in order for hackers to join the system, which would present them with yet another challenge.
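For administrators who want to check for the first sign described above, the following added example (not code from the article, VulnCheck or Sophos) scans recorded login requests for a _discriminator field at any nesting depth. The log layout, the `json` form parameter name and all sample lines are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qsl, urlencode

INDICATOR = "_discriminator"  # field name reported in the article

def contains_key(node, key):
    """True if `key` appears at any depth of decoded JSON."""
    if isinstance(node, dict):
        return key in node or any(contains_key(v, key) for v in node.values())
    if isinstance(node, list):
        return any(contains_key(v, key) for v in node)
    if isinstance(node, str) and node.lstrip().startswith(("{", "[")):
        try:  # JSON carried as a string inside JSON
            return contains_key(json.loads(node), key)
        except ValueError:
            return key in node
    return False

def body_is_suspicious(body):
    """`body` is the form-encoded POST body of one login request."""
    for _name, value in parse_qsl(body, keep_blank_values=True):
        try:
            decoded = json.loads(value)
        except ValueError:
            decoded = None
        # Malformed JSON still gets a substring check so it is not missed.
        if contains_key(decoded, INDICATOR) or (decoded is None and INDICATOR in value):
            return True
    return False

def scan(lines):
    """Return (timestamp, source) for each flagged line.
    Assumed layout: '<timestamp> <source-ip> <form-encoded body>'."""
    hits = []
    for line in lines:
        parts = line.strip().split(" ", 2)
        if len(parts) == 3 and body_is_suspicious(parts[2]):
            hits.append((parts[0], parts[1]))
    return hits

def _line(ts, ip, payload):  # builds one constructed sample line
    return f"{ts} {ip} " + urlencode({"json": json.dumps(payload)})

SAMPLE = [  # constructed data, documentation IP ranges, placeholder values
    _line("2023-01-20T10:00:01Z", "198.51.100.7", {"username": "admin", "captcha": "x1y2"}),
    _line("2023-01-20T10:00:09Z", "203.0.113.45", {"username": "admin", "_discriminator": {"value": "PLACEHOLDER"}}),
    _line("2023-01-20T10:00:15Z", "203.0.113.46", {"username": "a", "extra": json.dumps({"_discriminator": 1})}),
    "2023-01-20T10:00:20Z 198.51.100.9 json=%7Bbroken+_discriminator",
]
```

Calling `scan(SAMPLE)` returns the timestamp and source address of each request that deserves a closer look; a hit means the request carried the field, whether or not the login succeeded.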

By Monica Green

I am specialised in the latest tech and tech discoveries.
