Threat Advisory

Zero-Day RCE Vulnerability in Sophos Firewall

September 27, 2022 | By Accorian

Sophos has disclosed a critical zero-day vulnerability, CVE-2022-3236, in Sophos Firewall. It is a code injection vulnerability with a CVSS score of 9.8 that affects the firewall's User Portal and Webadmin; if successfully exploited, it can lead to remote code execution (RCE) on affected installations. Older versions of Sophos Firewall, such as 19.0 MR1 (19.0.1), are considered to be vulnerable to the attack.

Sophos states that customers who have enabled automatic installation of hotfixes are not required to take any further action. Customers who do not have the feature enabled are advised to upgrade to a recent version. Sophos released hotfixes and added the fix to several versions, including v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), and others. Please see this page for the entire list.

Workarounds are also available, such as blocking WAN access to the Webadmin and User Portal. Users can use a VPN or the Sophos Central cloud management platform for remote access and management. Meanwhile, Sophos announced that all impacted organizations have received direct communication.

Accorian can help identify this vulnerability in your environment. 


Threat Advisory Team 

