Critical
Sophos Firewall v19.5 GA Resolves Security Vulnerabilities
CVE(s)
CVE-2022-3236
CVE-2022-3226
CVE-2022-3713
CVE-2022-3696
CVE-2022-3709
CVE-2022-3711
CVE-2022-3710
Product(s)
Sophos Firewall
Updated
2022 Dec 6
Article version
3
Created
2022 Dec 1
Publication ID
sophos-sa-20221201-sfos-19-5-0
Workaround
No
Overview
The Sophos Firewall v19.5 GA (19.5.0) release fixes the following security issues (users of older versions are required to upgrade).
| CVE ID | Description | Severity | Fix Version(s) |
|---|---|---|---|
| CVE-2022-3236 | A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin. Hotfixes for this issue have been released. See https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce for details. | CRITICAL | 19.5.0 |
| CVE-2022-3226 | An OS command injection vulnerability allowing admins to execute code via SSL VPN configuration uploads was discovered by Sophos during internal security testing. | HIGH | 19.5.0 |
| CVE-2022-3713 | A code injection vulnerability allowing adjacent attackers to execute code in the Wifi controller was discovered by Sophos during internal security testing. It requires attackers to be connected to an interface with the Wireless Protection service enabled. | HIGH | 19.5.0 |
| CVE-2022-3696 | A post-auth code injection vulnerability allowing admins to execute code in Webadmin was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program. | HIGH | 19.5.0 |
| CVE-2022-3709 | A stored XSS vulnerability allowing admin to super-admin privilege escalation in the Webadmin import group wizard was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program. | MEDIUM | 19.5.0 |
| CVE-2022-3711 | A post-auth read-only SQL injection vulnerability allowing users to read non-sensitive configuration database contents in the User Portal was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program. | MEDIUM | 19.5.0 |
| CVE-2022-3710 | A post-auth read-only SQL injection vulnerability allowing API clients to read non-sensitive configuration database contents in the API controller was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program. Sophos would like to thank Erik de Jong for responsibly disclosing this issue to Sophos. | LOW | 19.5.0 |
Notes
Sophos always recommends that Sophos Firewall customers upgrade to the latest available release at their earliest opportunity.
Related information
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3710
https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v195-is-now-available
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.