Sophos says it has provided a fix for a critical RCE bug that is known to be actively exploited, primarily in South Asia. The vulnerability, now tracked as CVE-2022-1040, has a CVSS rating of 9.8. The bug is an authentication bypass vulnerability in the User Portal and Webadmin of Sophos Firewall, and it allows a remote attacker to execute code in all versions prior to v18.5 MR3 (185.3). The Australian Cyber Security Center issued an alert today, asking Australian organizations to apply the necessary patches at the earliest opportunity.
Source: https://www.cuinfosecurity.com/sophos-patches-critical-rce-bug-exploited-in-wild-a-18816