[Updated] Multiple Vulnerabilities in Sophos Firewall

Published on 26 Sep 2022 | Updated on 07 Dec 2022

Sophos has released hotfixes to address multiple critical and high-severity vulnerabilities in its firewalls that are reported to be exploited in the wild. These vulnerabilities affect releases older than Sophos Firewall version 19.5 GA (19.5.0).

The vulnerabilities are:

  • CVE-2022-3236: A code injection vulnerability that allows remote code execution.
  • CVE-2022-3226: An OS command injection vulnerability that allows administrators to execute code via SSL VPN configuration uploads.
  • CVE-2022-3713: A code injection vulnerability that allows adjacent attackers to execute code in the Wifi controller. 
  • CVE-2022-3696: A post-authorisation code injection vulnerability that allows administrators to execute code in Webadmin.

Administrators and users of the affected product versions are advised to upgrade to Sophos Firewall version 19.5 GA (19.5.0) immediately.

More information is available here:

https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

https://www.bleepingcomputer.com/news/security/sophos-warns-of-new-firewall-rce-bug-exploited-in-attacks/