{"uuid": "5351bb5b-6edf-4c2d-b243-8a82eac8d3a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-1040", "type": "exploited", "source": "https://t.me/cKure/9228", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Sophos' CVE-2022-1040 Zero-Day was used by state-sponsored threat actor(s) in the wild, says Sophos.\n\nThe exploit can be triggered remotely via a crafted HTTP-POST request at the authentication page of the firewall.\n\nWorkarounds exist. Best one is to take the Sophos consoles offline from www (host internally).\n\n\u25cf The exploit was used by apparently Russia \ud83c\uddf7\ud83c\uddfa and China \ud83c\udde8\ud83c\uddf3 based Ragnarok ransomware group to push their malware.", "creation_timestamp": "2022-03-31T13:56:46.000000Z"}