CVE-2022-3226

Hello Andre Soares ,

Thank you for reaching out to the community, here is the work around mentioned - https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

The best mitigation is V19.5. 

The CVE clearly explains, in which scenario the firewall is affected. It is about the customer to decide, if they want to wait or install the update. 

Hi Andre, 

For CVE-2022-3226, this vulnerability is only exploitable when an attacker has administrator privilege and uploads a malicious file onto the Firewall. 

If you are concerned about this vulnerability, like Luca said the best course of action is to upgrade to SFOS v19.5.