Threat Actors Actively Exploit Sophos Web Appliance Vulnerability (CVE-2023-1671)

Written by Mitchell Langley

November 20, 2023

Threat Actors Actively Exploit Sophos Web Appliance Vulnerability (CVE-2023-1671)

Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical vulnerability, marked as CVE-2023-1671, within Sophos Web Appliance. This flaw, a pre-auth command injection vulnerability in the warn-proceed handler, poses a significant risk by allowing attackers to execute arbitrary code.

Discovery and Patching

Disclosed in early April by an external security researcher through Sophos’ bug bounty program, the vulnerability affected all versions of the appliance preceding version Sophos swiftly responded with a patch released in April 2023, pushing the update to users with the default “automatic update” setting enabled.

As a precautionary measure, Sophos urged customers to keep the device behind a firewall, limiting its accessibility via the public internet. Additionally, the company emphasized that Sophos Web Appliance would reach its end of life on July 20, 2023, ceasing to receive security or software updates. Encouraging organizations to transition to Sophos Firewall, the company navigated users toward a more secure future.

Exploitation and Response

Despite the availability of a public Proof of Concept (PoC) exploit for CVE-2023-1671 since late April, attackers hesitated, likely due to the widespread adoption of the default automatic updating setting, which diminished the potential pool of vulnerable targets.

However, recent developments indicate active exploitation, as confirmed by the Cybersecurity and Infrastructure Agency. Regrettably, specific details regarding the nature of these exploits remain undisclosed.

Broader Vulnerability Landscape

In the broader context, CISA identified two additional vulnerabilities, including CVE-2020-2551, an unspecified bug in Oracle WebLogic Server, within its Known Exploited Vulnerabilities (KEV) catalog. Despite being reported and patched in 2020, the inclusion of such vulnerabilities underscores the persistent challenges organizations face in maintaining comprehensive security postures.

Related Articles

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!