CVE-2022-1040

Description from NVD

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

Information Acquisition Date:2022-05-10T14:52Z
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
     source:CONFIRM
     tags:Mitigation    Vendor Advisory    

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: VMware(2 tweets) Windows(2 tweets)

List of frequently cited URLs

URLNum of Times Referred to
https://cvetrends.com59
http://twinybots.ch52
http://cyberiqs.com/latestnews43
https://lists.astaro.com/ASGV9-IPS-rules.html#020
https://tweetedtimes.com/thinksnews?s=tnp7
https://github.com/cve-hunter/CVE-2022-1040-sophos-rce4
https://$host/userportal/Controller?mode=8700&3
https://x.x.x.x/userportal/Controller?mode=8700&3
https://attackerkb.com/topics/cdXl2NL3cR/cve-2022-10403
https://www.sophos.com/en-us/security-advisories/sophos-sa-...3
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero...3
https://thehackernews.com/2022/03/critical-sophos-firewall-...3
https://securityaffairs.co/wordpress/129604/security/sophos...3
https://www.helpnetsecurity.com/2022/03/29/cve-2022-10403
https://www.bleepingcomputer.com/news/security/critical-sop...3
https://blog.viettelcybersecurity.com/cve-2022-1040-sophos-...3

Information from Twitter

User URL Info Source Date
__kokumoto https://www.securityweek.com/most-weaponized-vulnerabilitie... Source __kokumoto       1641088615957815296 2023/03/29

List of frequently cited URLs

URLNum of Times Referred to
cvetrends.com59
twinybots.ch52
cyberiqs.com43
lists.astaro.com20
tweetedtimes.com7
github.com4
$host3
x.x.x.x3
attackerkb.com3
www.sophos.com3
www.volexity.com3
thehackernews.com3
securityaffairs.co3
www.helpnetsecurity.com3
www.bleepingcomputer.com3
blog.viettelcybersecurity.com3

Information from Twitter

User URL Info Source
__kokumoto securityweek.com Show Tweet
GitHub Search Results: Up to 10
NameURL
Seatwe/CVE-2022-1040-rce https://github.com/Seatwe/CVE-2022-1040-rce
GitHub Search Results: Up to 10
NameURL
Seatwe/CVE-2022-1040-rce github.com
2023/03/29 Score : 2
Added Har-sia Database : 2022/03/24
Last Modified : 2023/03/29
Highest Scored Date : 2022/03/29
Highest Score : 57