First published: 30 Mar 2022
Last updated: 30 Mar 2022

Content written for

Small & medium business
Large organisations & infrastructure
Government

Background / What has happened?

A remote code execution (RCE) vulnerability (CVE-2022-1040) has been identified in the User Portal and Webadmin of Sophos Firewall in versions 18.5 MR3 (18.5.3) and older. Sophos Firewall software provides network and user endpoint security.

Exploitation of an RCE vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.

Exploitation attempts have been observed. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is not aware of any successful exploitation attempts against Australian organisations.

Further information on this vulnerability, including available patches, is available in a Sophos security advisory.

Mitigation / How do I stay secure? 

Australian organisations that use Sophos Firewall versions prior to v18.5 should review their patch status and update to the latest version.

Sophos Firewall have released a security advisory and hotfix for the affected Firewall versions.

Assistance / Where can I go for help? 

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is monitoring the situation and is able to provide assistance or advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371). 
