Cyber Security

CISA orders agencies to patch actively exploited Sophos firewall bug

Published

on

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks.

As Sophos revealed almost one week ago, the CVE-2022-1040 bug enables attackers to bypass authentication via the User Portal or Webadmin interface and execute arbitrary code remotely.

Two days later, the cybersecurity vendor amended its security advisory, saying it alerted a small set of South Asian organizations targeted with CVE-2022-1040 exploits.

CISA also ordered federal agencies to patch a high severity arbitrary file upload vulnerability (CVE-2022-26871) in the Trend Micro Apex Central product management console that can be abused in remote code execution attacks.

On Tuesday, Trend Micro said it has observed “at least one active attempt of potential exploitation” of this vulnerability in the wild.

CISA added six more vulnerabilities to its Known Exploited Vulnerabilities Catalog today, all of them also exploited in ongoing attacks.

CVEVulnerability NameDue Date
CVE-2022-26871Trend Micro Apex Central Arbitrary File Upload Vulnerability2022-04-21
CVE-2022-1040Sophos Firewall Authentication Bypass Vulnerability2022-04-21
CVE-2021-34484Microsoft Windows User Profile Service Privilege Escalation2022-04-21
CVE-2021-28799QNAP NAS Improper Authorization Vulnerability2022-04-21
CVE-2021-21551Dell dbutil Driver Insufficient Access Control Vulnerability2022-04-21
CVE-2018-10562Dasan GPON Routers Command Injection Vulnerability2022-04-21
CVE-2018-10561Dasan GPON Routers Authentication Bypass Vulnerability2022-04-21
CVE-2014-6324Microsoft Windows Kerberos KDC Privilege Escalation2022-04-21

According to a November 2021 binding operational directive (BOD 22-01), Federal Civilian Executive Branch Agencies (FCEB) agencies must secure their systems against these security flaws, with CISA giving them until April 21 to patch the ones added today.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” the US cybersecurity agency explains.

While the BOD 22-01 directive only applies to FCEB agencies, CISA has also urged private and public sector organizations to prioritize patching these actively abused security bugs to reduce their networks’ exposure to ongoing cyberattacks.

CISA has added hundreds of vulnerabilities to its list of actively exploited bugs after issuing this binding directive, asking US federal agencies to patch them as soon as possible to prevent security breaches.

Since the start of the year, the cybersecurity agency has also ordered agencies to patch actively exploited zero-days in:

Source: https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-actively-exploited-sophos-firewall-bug/

Click to comment
Exit mobile version