High
Sophos Firewall v19.0 MR1 Resolves Security Vulnerabilities
CVE(N)
CVE-2022-1292
CVE-2022-1807
PRODUCT(S)
Sophos Firewall
Updated
2022 Sep 7
Article version
1
Published
2022 Sep 7
Publication ID
sophos-sa-20220907-sfos-19-0-1
Workaround
No
Overview
The Sophos Firewall v19.0 MR1 (19.0.1) release fixes the following security issues (users of older versions are required to upgrade).
| CVE ID | Description | Severity |
|---|---|---|
| CVE-2022-1292 (OpenSSL) | An OS command injection vulnerability allowing for admins in Webadmin of Sophos Firewall to execute shell commands was discovered and responsibly disclosed to Sophos by an external security researcher. It was reported via the Sophos bug bounty program. Sophos identified the root cause in an OpenSSL component and reported the issue to the OpenSSL security team. It was fixed in OpenSSL versions 3.0.3, 1.1.1o, and 1.0.2ze. | HIGH |
| CVE-2022-1807 | Multiple SQLi vulnerabilities allowing for privilege escalation from admin to super-admin in Webadmin of Sophos Firewall were discovered and responsibly disclosed to Sophos by an external security researcher. They were reported via the Sophos bug bounty program. | HIGH |
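The CVE-2022-1292 row names the OpenSSL releases that carry the fix. As an added example (not from the advisory or from Sophos), the following Python helper checks an OpenSSL version string, as found in `openssl version` output or a package inventory, against those three releases; it assumes the standard OpenSSL numbering (numeric patch level for 3.0.x, letter suffix for 1.x) and answers only for the release lines the advisory lists.

```python
import re
from typing import Optional, Tuple

# Fixed OpenSSL releases named in the advisory for CVE-2022-1292, keyed by
# release line (3.0.x uses a numeric patch level; 1.x uses a letter suffix).
FIXED_OPENSSL = {"3.0": "3.0.3", "1.1.1": "1.1.1o", "1.0.2": "1.0.2ze"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")

Version = Tuple[int, int, int, int]


def parse_openssl_version(text: str) -> Optional[Version]:
    """Extract and parse an OpenSSL version ('1.1.1o', '1.0.2ze', '3.0.3',
    or a full `openssl version` line) into a comparable tuple.

    Pre-3.0 releases use a letter suffix where 'z' is followed by 'za',
    'zb', ... so the suffix is converted to a base-26 integer to keep order.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    letters = 0
    for ch in suffix:
        letters = letters * 26 + (ord(ch) - ord("a") + 1)
    return int(major), int(minor), int(patch), letters


def release_line(v: Version) -> str:
    major, minor, patch, _ = v
    return f"{major}.{minor}" if major >= 3 else f"{major}.{minor}.{patch}"


def is_fixed_for_cve_2022_1292(text: str) -> Optional[bool]:
    """True if the version is at or past its line's fixed release, False if
    older, None if unparseable or from a release line the advisory does not
    list (those cannot be judged from this page alone)."""
    found = parse_openssl_version(text)
    if found is None:
        return None
    fixed = FIXED_OPENSSL.get(release_line(found))
    if fixed is None:
        return None
    return found >= parse_openssl_version(fixed)


if __name__ == "__main__":
    # Constructed sample lines in the shape of `openssl version` output.
    for line in ("OpenSSL 1.1.1n", "OpenSSL 3.0.3", "OpenSSL 1.0.2zd"):
        print(line, "->", is_fixed_for_cve_2022_1292(line))
```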
Notes
Sophos always recommends that Sophos Firewall customers upgrade to the latest available release at their earliest opportunity.
Related information
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.