A patched Sophos Web Appliance vulnerability has been found to be exploited in the wild. The first advisory about the critical vulnerability CVE-2023-1671 was published on April 4, 2023. This pre-authentication command injection flaw in the Sophos Web Appliance allows an unauthenticated attacker to execute arbitrary code on the appliance.
Details about the pre-auth command injection Sophos vulnerability
The pre-auth command injection vulnerability affects Sophos Web Appliance versions prior to 4.3.10.4. CVE-2023-1671 carries a CVSS score of 9.8 (critical). It was reported by an external security researcher through the Sophos bug bounty program.
Sophos wrote in its advisory that no action was required from customers, because the appliance installs the update automatically by default (customers who have disabled automatic updates must apply it themselves). The vulnerable code path is a Perl script that shells out to another Perl script, passing request input into the shell command line.
A GitHub advisory notes that the pre-auth command injection vulnerability has low attack complexity and requires neither privileges nor user interaction, which is what drives the 9.8 score. The scale and impact of the attacks exploiting the patched Sophos vulnerability are not yet clear.
The injection is reached through attacker-supplied HTTP input: values the appliance takes from the request, such as form fields or session cookies, are placed into a system shell command without sanitisation, so a crafted request carries the injected command and the appliance runs it with the privileges of the web handler.
Along with the pre-auth command injection flaw, Sophos addressed two other vulnerabilities in the Web Appliance in the same release: CVE-2022-4934, rated high severity, and CVE-2020-36692, rated medium severity.
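The following Perl is an added illustration, not the appliance's own code or Sophos's patch. It shows the pattern described above, a script that builds a shell command from request input, beside the two changes that close the hole: the list form of system(), which bypasses the shell, and an allow-list check on the value before it reaches any helper. The helper command (echo, so the demo runs offline), the parameter name and the sample input are assumptions for the demo.

```perl
#!/usr/bin/perl
# Added example, not Sophos code: the Perl command-injection pattern
# (a script that shells out with user input) and its fix. The "helper"
# is /bin/echo so the demo runs offline; the appliance's real scripts
# are not reproduced here.
use strict;
use warnings;

# Constructed attacker-controlled value, e.g. a URL parameter from an
# unauthenticated HTTP request. The ';' is the injected shell operator.
my $user_input = $ARGV[0] // 'http://example.com/;id;';

# VULNERABLE: one-string form. Because the string contains shell
# metacharacters, Perl hands it to /bin/sh -c, which runs `id` as a
# second command after the intended one.
sub shell_out_vulnerable {
    my ($value) = @_;
    return system("echo checking $value");
}

# FIX 1: list form. No shell is involved; $value becomes a single argv
# element, so ';id;' is printed literally instead of executed.
sub shell_out_list_form {
    my ($value) = @_;
    return system('echo', 'checking', $value);
}

# FIX 2: allow-list validation before the value reaches any helper.
# Accepts only a plain http(s) URL of host, optional port and a simple
# path; returns the validated value or undef.
sub validated_url {
    my ($value) = @_;
    return $value =~ m{\A(https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[\w./%\-]*)?)\z}
        ? $1 : undef;
}

print "--- vulnerable (runs id) ---\n";
shell_out_vulnerable($user_input);
print "--- list form (prints the value verbatim) ---\n";
shell_out_list_form($user_input);
print "--- validated ---\n";
my $safe = validated_url($user_input);
if (defined $safe) {
    shell_out_list_form($safe);
} else {
    print "rejected: input is not a plain URL\n";
}
```

Run it with no arguments to see the injected `id` execute in the vulnerable branch only; pass a clean URL as the first argument to see the validated branch accept it. Running the script under Perl's taint mode (`perl -T`) would additionally refuse the one-string system() call outright while the input is unvalidated, which is a cheap belt-and-braces control for scripts that must shell out.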
Sophos vulnerability exploitation report
Widespread exploitation of vulnerabilities declined by 15% in 2022, while the share of widely exploited vulnerabilities that were zero-days fell to 42%, down from 52% in 2021. At the same time, about 56% of the publicly disclosed vulnerabilities tracked in the report were exploited within 7 days of disclosure.
"In 2020, 30% of our reported vulnerabilities were exploited in the wild within a week of disclosure. In 2021, that went up to 50%. In 2022, 56% of our reported vulnerabilities were exploited within a week of disclosure," Caitlin added.
This highlights the need for skilled staff who can not only hunt for bugs but also patch disclosed vulnerabilities immediately; a week-long window before exploitation leaves little margin, and an unpatched flaw of this kind can put the entire enterprise at risk.
The pressure on security teams to keep up with this cycle of bug hunting, triage and patching is leading to burnout, which needs attention not only from corporations but also from governments. Both need work plans and policies that foster a healthy work environment, distributing work across staff so that vulnerabilities and other tasks are addressed in a timely manner.