Vulnerability in Sophos XGS Firewalls fixed – CVE-2022-3236
27th September 2022
Sophos has fixed a very high criticality vulnerability (CVE-2022-3236) in the User Portal and Webadmin Tool for XGS Firewalls that could allow an attacker to perform remote code execution.
To prevent the vulnerability from being exploited, the User Portal and Webadmin Tool must not be accessible via the Internet, see Sophos Security Advisory. If the Automatic Hotfixes feature is enabled, the available hotfix is installed automatically.
In customer environments set up by VIVAVIS and protected by Sophos XGS firewalls, the above security measures are implemented. Specifically, the user portal is not accessible from the Internet, the Webadmin tool is only accessible from VIVAVIS IP-addresses and the Automatic Hotfixes function is activated. If no changes have been made by the customer, no further action is required.
If you have further questions or need support, please contact our customer center.
Our RSS feed always keeps you up to date! This way, you’ll receive same-day notification when a new article has been posted to the IT Security Bulletin. Just enter the following link in your feed reader:
You can find out how to integrate the RSS feed into Outlook here.