PT-2022-5774 · Sophos · Sophos Firewall

Published: 2022-12-01 · Updated: 2022-12-07 · CVE-2022-3226

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Sophos Firewall versions prior to 19.5 GA

Description

The issue allows OS command injection, enabling code execution via SSL VPN configuration uploads. This can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For Sophos Firewall versions prior to 19.5 GA, update to version 19.5 GA or later to resolve the issue. As a temporary workaround, consider restricting access to SSL VPN configuration uploads until the patch is applied.

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2022-07174
CVE-2022-3226

Affected Products

Sophos Firewall