Guest User!
You are not Sophos Staff.
It is good that Sophos has released fixes for this RCE vulnerability and we know that making sure Webadmin and the User Portal are not exposed to the Internet at large effectively mitigate the threat, but are there any IOCs that can be hunted for to determine if a customer's firewall has been compromised or attacked with the exploit(s) for this vulnerability?
Hello Clayton Dillard,
Thank you for reaching out to the community, https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
between you can use various tools available to run the vulnerability scan tool for Sophos firewall, and if found any, later you can submit the CVE report by opening the Sophos Support service request !!
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
In that case following article may be helpful -
Sophos Labs queries in relation to Sophos protection against specific file hashes: https://support.sophos.com/support/s/article/KB-000039321?language=en_US
Source of Infection Tool: How to run SOI on Windows startup: https://support.sophos.com/support/s/article/KB-000034711?language=en_US
=========
But not a direct IOC tool for the firewall !
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
In that case following article may be helpful -
Sophos Labs queries in relation to Sophos protection against specific file hashes: https://support.sophos.com/support/s/article/KB-000039321?language=en_US
Source of Infection Tool: How to run SOI on Windows startup: https://support.sophos.com/support/s/article/KB-000034711?language=en_US
=========
But not a direct IOC tool for the firewall !
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
