Security software and hardware company Sophos has released a security patch to address a remote code execution vulnerability in its network firewall product that has been actively exploited by hackers.
The security issue (CVE-2022-3236) is a code injection flaw that exists due to improper input validation in the User Portal and Webadmin interfaces of Sophos Firewall. The vulnerability allows a remote non-authenticated attacker execute arbitrary code on the target system via a specially crafted request.
“No action is required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled on remediated versions. Enabled is the default setting,” Sophos noted in a security advisory.
The company said it has “observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” adding that it has notified the affected entities about the attacks.
Earlier this month, antivirus software provider Trend Micro released patches to address multiple vulnerabilities in its Apex One and Apex One SaaS endpoint security solution, including a zero-day issue said to have been exploited by malicious actors.