Sophos Firewall

Discussions CVE-2022-3226

Sophos Firewall requires membership for participation - click to join

Thread Info

State Verified Answer
Locked Locked
Replies 3 replies
Subscribers 29 subscribers
Views 915 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CVE-2022-3226

Andre Soares over 2 years ago

Hello everybody.
What is Sophos' recommendation for mitigating CVE-2022-3226 until the 19.5 update is released to everyone?

nvd.nist.gov/.../CVE-2022-3226

This thread was automatically locked due to age.

Top Replies

Vivek Jagad over 2 years ago +2 verified

Hello Andre Soares , Thank you for reaching out to the community, here is the work around mentioned - https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

+1 Vivek Jagad over 2 years ago

Hello Andre Soares ,

Thank you for reaching out to the community, here is the work around mentioned - https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
Cancel
Vote Up +2 Vote Down

Cancel
0 LuCar Toni over 2 years ago

The best mitigation is V19.5.

The CVE clearly explains, in which scenario the firewall is affected. It is about the customer to decide, if they want to wait or install the update.
Cancel
Vote Up 0 Vote Down

Cancel
0 bobbylam over 2 years ago

Hi Andre,

For CVE-2022-3226, this vulnerability is only exploitable when an attacker has administrator privilege and uploads a malicious file onto the Firewall.

If you are concerned about this vulnerability, like Luca said the best course of action is to upgrade to SFOS v19.5.
Cancel
Vote Up 0 Vote Down

Cancel