Skip to main content

Sophos Firewall Remote Code Execution Vulnerability

Last Update Date: 30 Mar 2022 Release Date: 28 Mar 2022 3637 Views

RISK: Extremely High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in Sophos Firewall. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.


[Updated on 2022-03-30] CVE-2022-1040 is being exploited in the wild and the risk level is changed from medium risk to extremely high risk correspondingly.


  • Remote Code Execution

System / Technologies affected

  • Sophos Firewall version prior to v18.5 MR3 (18.5.3)


Before installation of the software, please visit the vendor web-site for more details.


Apply fixes issued by the vendor:


Note: There is no action required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.

Vulnerability Identifier


Related Link