Thousands of Sophos Firewall devices at risk of RCE attacks

More than 4,000 internet-connected Sophos Firewall devices still carry the critical remote code execution flaw tracked as CVE-2022-3236, despite hotfixes released last September and official patches issued in December, reports BleepingComputer. Over 99% of more than 88,000 internet-facing Sophos Firewalls have not been updated to versions containing the official fix, a VulnCheck report showed. "But around 93% are running versions that are eligible for a hotfix, and the default behavior for the firewall is to automatically download and apply hotfixes (unless disabled by an administrator). That still leaves more than 4,000 firewalls (or about 6% of internet-facing Sophos Firewalls) running versions that didn't receive a hotfix and are therefore vulnerable," said researcher Jacob Baines. No proof-of-concept exploit has been published yet, but threat actors could reproduce one from the available technical data, as Baines did, and launch a new wave of attacks; Baines noted that the CAPTCHAs required during authentication could hinder such attacks.
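The report's three-way split (officially patched, hotfix-eligible, no hotfix available) is the shape of the triage a defender runs across a fleet after an advisory like this one. The script below is an added example, not code from SC Media, VulnCheck or Sophos; the version strings, the "fixed" and "hotfix-eligible" sets and the inventory records are constructed placeholders, and the real lists must come from the vendor advisory. It also separates devices that are hotfix-eligible but where the hotfix has not actually been applied (for example because automatic hotfixes were disabled), since the report shows that eligibility alone is not protection.

```python
"""Fleet triage for a firewall advisory with both hotfixes and official fixes.

Added example; not the vendor's or the researchers' code. All version numbers
and inventory entries below are constructed placeholders (assumption), not the
real Sophos Firewall version list.
"""
from collections import Counter
from dataclasses import dataclass

# Placeholder policy sets (assumption): replace with the advisory's real lists.
FIXED_VERSIONS = {"19.5.1", "19.0.2"}             # carry the official patch
HOTFIX_ELIGIBLE = {"19.5.0", "19.0.1", "18.5.4"}  # a hotfix exists for these


@dataclass
class Device:
    host: str
    version: str
    hotfix_auto: bool      # automatic hotfix download/apply enabled on the box
    hotfix_applied: bool   # the relevant hotfix is confirmed present


def classify(dev: Device) -> str:
    """Return one of: patched, hotfixed, hotfix-pending, vulnerable."""
    if dev.version in FIXED_VERSIONS:
        return "patched"
    if dev.version in HOTFIX_ELIGIBLE:
        if dev.hotfix_applied:
            return "hotfixed"
        # Eligible but not applied: auto-hotfix was disabled or has not run.
        # Either way it is exposed until the hotfix lands or the box is upgraded.
        return "hotfix-pending"
    # No hotfix exists for this version; only an upgrade removes the exposure.
    return "vulnerable"


def triage(devices: list[Device]) -> dict[str, tuple[int, float]]:
    """Count devices per bucket and the share of the fleet each bucket holds."""
    counts = Counter(classify(d) for d in devices)
    total = len(devices)
    return {k: (v, round(100.0 * v / total, 1)) for k, v in counts.items()}


def needs_action(devices: list[Device]) -> list[str]:
    """Hosts that must be upgraded or hotfixed, sorted for a ticket."""
    return sorted(
        d.host for d in devices
        if classify(d) in ("hotfix-pending", "vulnerable")
    )


# Constructed inventory (assumption): five hosts covering every bucket.
SAMPLE_FLEET = [
    Device("fw-hq-1",     "19.5.1", hotfix_auto=True,  hotfix_applied=False),
    Device("fw-branch-2", "19.5.0", hotfix_auto=True,  hotfix_applied=True),
    Device("fw-branch-3", "19.0.1", hotfix_auto=False, hotfix_applied=False),
    Device("fw-lab-4",    "18.0.0", hotfix_auto=True,  hotfix_applied=False),
    Device("fw-dc-5",     "18.5.4", hotfix_auto=True,  hotfix_applied=True),
]

if __name__ == "__main__":
    for bucket, (n, pct) in triage(SAMPLE_FLEET).items():
        print(f"{bucket:15} {n:3}  ({pct}%)")
    print("needs action:", ", ".join(needs_action(SAMPLE_FLEET)))
```

In a real run the `hotfix_applied` flag should come from the device itself (the applied-hotfix list the management interface or API exposes), not from the assumption that auto-hotfix is enabled, which is exactly the gap between "eligible" and "protected" that the report highlights.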
