CVE-2022-3236

CRITICAL KEV NUCLEI

Sophos Firewall <19.0 MR1 - Code Injection

Title source: llm

Description

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

Exploits (2)

inthewild

poc

https://github.com/subvers1on/cve-2022-3236-rce-poc

View on inthewild

inthewild

poc

https://github.com/adynervi/cve-2022-3236-mass-rce

View on inthewild

Nuclei Templates (1)

Sophos Firewall <= 19.0 MR1 - Remote Code Execution

CRITICALVERIFIEDby daffainfo

Shodan: http.title:"Sophos"

FOFA: title="sophos"

References (2)

[Vendor Advisory] https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236

Scores

CVSS v3 9.8

EPSS 0.9284

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-09-23

VulnCheck KEV 2022-09-16

InTheWild.io 2022-09-16

ENISA EUVD EUVD-2022-42644

CWE

CWE-94

Status published

Products (1)

sophos/firewall < 19.0.1

Published Sep 23, 2022

KEV Added Sep 23, 2022

Tracked Since Feb 18, 2026