Critical Sophos Firewall vulnerability allows remote code execution
Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows arbitrary code execution. The vulnerability (CVE-2022-1040) has been assigned a CVSS score of 9.8. Exploiting it allows a remote attacker who can access the Firewall's User Portal or Webadmin interface to bypass authentication and execute arbitrary code. To address the flaw, Sophos released hotfixes and workarounds.
More information on the vulnerability and the updates is available in the Sophos advisory at sophos.com.
29 March 2022