Threat Advisory

Zero-Day RCE Vulnerability in Sophos Firewall

September 27, 2022 | By Accorian

Sophos has disclosed a critical zero-day vulnerability, tracked as CVE-2022-3236. It is a code injection vulnerability with a CVSS score of 9.8, and successful exploitation can lead to remote code execution (RCE) on affected installations. The flaw affects the User Portal and Webadmin of Sophos Firewall. Older versions of Sophos Firewall, such as 19.0 MR1 (19.0.1), are considered vulnerable to the attack.

Sophos says that customers who have enabled automatic installation of hotfixes are not required to take any further action. Customers who do not have the feature enabled are advised to upgrade to a recent version. Sophos has released hotfixes and included the fix in several versions, including v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), and others. Please see this page for the entire list.

Workarounds are also available, such as blocking WAN access to the Webadmin and User Portal. Users can instead use a VPN or the Sophos Central cloud management platform for remote access and management. Meanwhile, Sophos announced that all impacted organizations have received direct communication.

Accorian can help identify this vulnerability in your environment. 


Threat Advisory Team 

