All vulnerabilities
CVE-2022-1040
Sophos Firewall Authentication Bypass Vulnerability
Sophos — Firewall
- Added to KEV catalog
- 31 March 2022
- Federal remediation due date
- 21 April 2022
- Weakness classification (CWE)
- CWE-158
CISA Description
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-1040
More Sophos Vulnerabilities
CVE-2020-15069
Sophos XG Firewall Buffer Overflow Vulnerability
CVE-2020-29574
CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2023-1671
Sophos Web Appliance Command Injection Vulnerability
CVE-2022-3236
Sophos Firewall Code Injection Vulnerability
CVE-2020-25223
Sophos SG UTM Remote Code Execution Vulnerability
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services