top of page
  • Clipeus

Active Exploitation Of Legacy Sophos Firewall Instances

On 11 December 2023, Sophos reported exploitation attempts targeting end-of-life (EOL) instances vulnerable to a User Portal and Webadmin of Sophos Firewall code injection vulnerability fixed in September 2022 (CVE-2022-3236). Attacks in the wild have been observed against versions 19.0.1 and older.

Sophos recommends re-enabling auto-update to roll out the September 2022 fix for EOL instances or upgrading manually. However, Sophos User Portal users are vulnerable only if their instance is exposed to the wide area network. Potential workarounds include preventing such exposure.


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page