Detections
Analytics

CVE-2022-3236

critical

Description

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

References

https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/

https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider

https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html

https://www.trendmicro.com/en_us/research/24/k/earth-estries.html

https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/

https://www.theregister.com/2024/09/05/uncle_sam_charges_russian_gru/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a

https://www.bleepingcomputer.com/news/security/sophos-backports-rce-fix-after-attacks-on-unsupported-firewalls/

https://www.mandiant.com/resources/blog/zero-days-exploited-2022

https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

Details

Source: Mitre, NVD

Published: 2022-09-23

Updated: 2023-08-08

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical