The company’s developers have closed three vulnerabilities in Sophos Web Appliance (SWA). One of them is considered a critical vulnerability and allows attackers to inject and execute malicious code. IT managers should check if the bug-fixed version is already installed and running on the device.
The most critical vulnerability was found in the “Warn-Proceed” handler and allows attackers to inject arbitrary commands without first logging in (CVE-2023-1671, no CVSS yet, risk “critical”). Logged-in users with the administrator role can execute arbitrary code due to a vulnerability in the exception handler (CVE-2022-4934, still without CVSS, high). The third vulnerability allows a cross-site scripting attack, in which attackers can execute malicious JavaScript code in the victim’s browser after the victim clicks a crafted link (CVE-2020-36692, without CVSS, medium).
Sophos Web Appliance: Automatic updates
Software version 4.3.10.4 closes the security vulnerabilities. By default, Sophos Web Appliances download and install updates automatically. Nevertheless, administrators should check whether the update has already been applied or whether, for example, a reboot is still required.
In its security advisory, Sophos also points out that the Sophos Web Appliance will reach end of life on July 20, 2023 and will no longer receive support. The company further recommends not exposing the Sophos Web Appliance directly to the Internet, but placing it behind a firewall. An article in the Sophos Knowledge Base indicates that Web Appliance users should migrate to Sophos Firewall.
Sophos was informed of the vulnerabilities through its bug bounty program, so it appears they have not yet been exploited in the wild. Things have been quiet around the Sophos Web Appliance for a long time: vulnerabilities were last reported in mid-2017, prompting the manufacturer to deliver updates over encrypted HTTPS.
(DMK)