U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-1040 flaw in the Sophos firewall, along with seven other issues, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational […]

CISA BlueHammer (CVE-2026-33825)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-1040 flaw in the Sophos firewall, along with seven other issues, to its Known Exploited Vulnerabilities Catalog.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

The new vulnerabilities added to the catalog have to be addressed by federal agencies by April 21, 2022.

The CVE-2022-1040 is an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall.

The vulnerability received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. The vulnerability was reported to the security firm by an unnamed security researcher via its bug bounty program.

“An authentication bypass vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed.” reads the advisory published by the company.

A remote attacker with access to the Firewall’s User Portal or Webadmin interface can exploit the flaw to bypass authentication and execute arbitrary code.

Sophos Firewall User Portal interface
Source Sophos community

The security vendor pointed out that the hotfixes will be automatically installed on its devices by default.

The company also recommends customers avoid exposing their User Portal and Webadmin to WAN.

Sophos is also warning that the CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks aimed at a small set of Asian organizations.

CISA also ordered federal agencies to patch a high severity arbitrary file upload vulnerability (CVE-2022-26871) in the Trend Micro Apex Central product management console that can be abused in remote code execution attacks.

On Tuesday, Trend Micro said it has observed “at least one active attempt of potential exploitation” of this vulnerability in the wild.

CISA added six more vulnerabilities to its Known Exploited Vulnerabilities Catalog today, all of them also exploited in ongoing attacks.

CISA also ordered federal agencies to patch an arbitrary file upload vulnerability in Trend Micro Apex Central (CVE-2022-26871) and a privilege escalation in Microsoft Windows (CVE-2021-34484).

Below is the list of recently added vulnerabilities:

CVEVulnerability NameDue Date
CVE-2022-26871Trend Micro Apex Central Arbitrary File Upload Vulnerability2022-04-21
CVE-2022-1040Sophos Firewall Authentication Bypass Vulnerability2022-04-21
CVE-2021-34484Microsoft Windows User Profile Service Privilege Escalation2022-04-21
CVE-2021-28799QNAP NAS Improper Authorization Vulnerability2022-04-21
CVE-2021-21551Dell dbutil Driver Insufficient Access Control Vulnerability2022-04-21
CVE-2018-10562Dasan GPON Routers Command Injection Vulnerability2022-04-21
CVE-2018-10561Dasan GPON Routers Authentication Bypass Vulnerability2022-04-21
CVE-2014-6324Microsoft Windows Kerberos KDC Privilege Escalation2022-04-21

The CISA Catalog has reached a total of 609 entries with the latest added vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BazarLoader)

[adrotate banner=”5″]

[adrotate banner=”13″]