CVE-2022-3696

Name of the Vulnerable Software and Affected Versions Sophos Firewall versions prior to 19.5 GA

Description A post-auth code injection issue allows admins to execute code in the Webadmin of Sophos Firewall. This issue does not specify the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For Sophos Firewall versions prior to 19.5 GA, update to version 19.5 GA or later to resolve the issue. As a temporary workaround, consider restricting access to the Webadmin interface until the update is applied.