CVE-2022-3236
published 2022-09-23

CVE-2022-3236: A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

Priority: P193 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2022-10-14
Exploited in the wild
EPSS: 98.91% (99.9th percentile)

Affected

2 ranges

Vendor | Product | Version range | Fixed in
sophos | firewall | <= 19.0.1 |
sophos | sophos_firewall | unspecified – 18.5 MR4 |

Detection & IOCs (extracted from sources)

  • CVE-2022-3236 affects the User Portal and Webadmin components of Sophos Firewall; monitor for exploit attempts targeting these interfaces from WAN-facing IPs
  • Use Qualys QID 730616 to identify Sophos Firewall installations vulnerable to CVE-2022-3236
  • Over 4,000 internet-exposed Sophos Firewall appliances remained unpatched as of January 2023; scan for exposed User Portal and Webadmin interfaces on internet-facing Sophos devices
  • New exploit attempts against CVE-2022-3236 were identified in December 2023 targeting older, unsupported (EOL) Sophos Firewall firmware versions; prioritize detection on EOL devices
  • The hotfix for CVE-2022-3236 is automatically applied only to appliances with 'accept hotfix' enabled; devices with this option disabled remain vulnerable unless manually updated
  • Workaround for CVE-2022-3236 when patching is impossible: restrict WAN access to User Portal and Webadmin and use VPN or Sophos Central instead

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck | 9.8 | CRITICAL
cisa | 9.8 | CRITICAL