Comment from Tenable on Sophos critical firewall vulnerability
“On March 25, a Friday, Sophos released patches for a critical remote code execution flaw in its Firewall solution. A vulnerability in a security product that receives a CVSSv3 severity of 9.8 is cause for immediate concern.
“Many Sophos Firewall users won’t need to take any additional actions to patch this flaw as the Sophos Firewall has “Allow automatic installation of hotfixes” enabled by default. However, any organization that has manually disabled this feature, or is running “older versions” of Sophos Firewall, should look to urgently patch given a vulnerable firewall is a major security concern.
“In 2020, threat actors used a SQL injection flaw in Sophos XG Firewalls, CVE-2020-12271, with the same severity in targeted attacks as a zero day. CVE-2020-12271 allowed attackers to exfiltrate sensitive data, while CVE-2022-1040 could allow them to execute arbitrary code.”– Claire Tills, senior research engineer, Tenable
Black Desert reveals Major Content Update Plans at CalpheON Episode 2
