CVE-2022-1040
In short
A security flaw in Sophos Firewall lets attackers skip login checks and run malicious code without credentials. This is critical because it gives complete control of the firewall to anyone on the network.
Technical detail
An authentication bypass vulnerability in the User Portal and Webadmin interfaces permits unauthenticated remote code execution on Sophos Firewall v18.5 MR3 and earlier. The attack vector is network-based with no prior authentication required, resulting in complete system compromise.
Summary generated and translated by AI from the official description.
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Sophos · Sophos Firewall
Public PoCs found — 9
github: github.com/jam620/Sophos-Vulnerability ★ 18
github: github.com/killvxk/CVE-2022-1040 ★ 16
github: github.com/Keith-amateur/cve-2022-1040 ★ 3
github: github.com/jackson5sec/CVE-2022-1040 ★ 2
github: github.com/Cyb3rEnthusiast/CVE-2022-1040 ★ 1
github: github.com/xMr110/CVE-2022-1040 ★ 0
github: github.com/michealadams30/CVE-2022-1040 ★ 0
cve_reference: www.exploit-db.com/exploits/51006 (unverified)
cve_reference: packetstormsecurity.com/files/168046/Sophos-XG115w-Firewall-17.0.10-MR-10-Authentication-Bypass.html (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/168046/Sophos-XG115w-Firewall-17.0.10-MR-10-Authentication-Bypass.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1040
https://www.exploit-db.com/exploits/51006
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce