{"uuid": "59cec924-f472-4b92-8e7b-53a79e41393a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-1040", "type": "published-proof-of-concept", "source": "https://t.me/secsocteam/281", "content": "\u0644\u0648 \u0623\u0646\u062a Administrator \u0648 \u0634\u063a\u0627\u0644 \u0639\u0644\u0649 Sophos Firewall \u0641\u0639\u0644 \u0627\u0644\u0640 Auto Install Of Hotfix \u0648 \u064a\u0641\u0636\u0644 \u062a\u0642\u0641\u0644 \u0627\u0644\u0640 HTTPS Over \u0627\u0644\u0640 WAN \u0644\u0648 \u0645\u0634 \u0636\u0631\u0648\u0631\u064a \u26a0\ufe0f\n\u0628\u0633\u0628\u0628 \u0638\u0647\u0648\u0631 \u062b\u063a\u0631\u0629 \u0645\u0646 \u0643\u0627\u0645 \u064a\u0648\u0645 \u0628\u062a\u0633\u0645\u062d \u0644\u0644\u0640 Attacker \u0625\u0646\u0647 \u064a\u0640 Bypass \u0627\u0644\u0640 Web Admin \u0648 \u0627\u0644\u0640 User Portal \u0639\u0644\u0649 \u0627\u0644\u0640 Firewall \u26d4\ufe0f\n\u062a\u0635\u0646\u064a\u0641 \u062e\u0637\u0648\u0631\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 9.8 \u0648 \u0631\u0642\u0645\u0647\u0627 CVE-2022-1040 \u0648 \u0628\u062a\u0635\u064a\u0628 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0640 Sophos Firewall 18.5.3 \u0648 \u0627\u0644\u0623\u0642\u062f\u0645 \u0645\u0646\u0647\u0627 \ud83d\udc4c\n\n\u0647\u0646\u0627 \u0647\u062a\u0644\u0627\u0642\u064a \u062d\u0644\u0648\u0644 \u0644\u0640 \u0642\u0641\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0646\u062f\u0643 :\n[1] Sophos Support :\nhttps://support.sophos.com/support/s/article/KB-000043853?language=en_US\n[2] Sophos Docs :\nhttps://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Administration/DeviceAccess/index.html#multi-factor-authentication-mfa-for-the-default-admin\n\u0627\u0644\u0645\u0635\u0627\u062f\u0631 \u0644\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0623\u0643\u062a\u0631 :\n[1] Sophos :\nhttps://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce\n[2] TheHackerNews :\nhttps://thehackernews.com/2022/03/critical-sophos-firewall-rce.html\n\n#Security_Society", "creation_timestamp": "2022-04-01T11:10:08.000000Z"}