Sophos, a British based security software and firewall company reports a critical Remote Code Execution (RCE) vulnerability has been identified and patched. This vulnerability (CVE-2022-1040) has a CVSS base score of 9.8 and impacts all Sophos firewalls v18.5 and later.
This vulnerability allows a threat actor to bypass authentication in login portals then allow the attacker remote execute capabilities. Sophos has a knowledge Base guide to help determine if the hotfix was applied in your environment.
No Cloudience customers are affected by or use this service.
The CloudSentinel threat reporting combines reports from the most highly respected sources alerting Cloudience partners of new threats as they surface. Our threat reports are a culmination of the most advance threat detection systems in tandem with our top threat reporting partnerships providing a strategic, non-biased threat intelligence report.