Pierluigi Paganini
April 01, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-1040 flaw in the Sophos firewall, along with seven other issues, to its Known Exploited Vulnerabilities Catalog.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.
The new vulnerabilities added to the catalog have to be addressed by federal agencies by April 21, 2022.
The CVE-2022-1040 is an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall.
The vulnerability received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. The vulnerability was reported to the security firm by an unnamed security researcher via its bug bounty program.
“An authentication bypass vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed.” reads the advisory published by the company.
A remote attacker with access to the Firewall’s User Portal or Webadmin interface can exploit the flaw to bypass authentication and execute arbitrary code.
The security vendor pointed out that the hotfixes will be automatically installed on its devices by default.
The company also recommends customers avoid exposing their User Portal and Webadmin to WAN.
Sophos is also warning that the CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks aimed at a small set of Asian organizations.
CISA also ordered federal agencies to patch a high severity arbitrary file upload vulnerability (CVE-2022-26871) in the Trend Micro Apex Central product management console that can be abused in remote code execution attacks.
On Tuesday, Trend Micro said it has observed “at least one active attempt of potential exploitation” of this vulnerability in the wild.
CISA added six more vulnerabilities to its Known Exploited Vulnerabilities Catalog today, all of them also exploited in ongoing attacks.
CISA also ordered federal agencies to patch an arbitrary file upload vulnerability in Trend Micro Apex Central (CVE-2022-26871) and a privilege escalation in Microsoft Windows (CVE-2021-34484).
Below is the list of recently added vulnerabilities:
| CVE | Vulnerability Name | Due Date |
| CVE-2022-26871 | Trend Micro Apex Central Arbitrary File Upload Vulnerability | 2022-04-21 |
| CVE-2022-1040 | Sophos Firewall Authentication Bypass Vulnerability | 2022-04-21 |
| CVE-2021-34484 | Microsoft Windows User Profile Service Privilege Escalation | 2022-04-21 |
| CVE-2021-28799 | QNAP NAS Improper Authorization Vulnerability | 2022-04-21 |
| CVE-2021-21551 | Dell dbutil Driver Insufficient Access Control Vulnerability | 2022-04-21 |
| CVE-2018-10562 | Dasan GPON Routers Command Injection Vulnerability | 2022-04-21 |
| CVE-2018-10561 | Dasan GPON Routers Authentication Bypass Vulnerability | 2022-04-21 |
| CVE-2014-6324 | Microsoft Windows Kerberos KDC Privilege Escalation | 2022-04-21 |
The CISA Catalog has reached a total of 609 entries with the latest added vulnerabilities.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, BazarLoader)
[adrotate banner=”5″]
[adrotate banner=”13″]
