CVE-2022-1040
Sophos Firewall Authentication Bypass Vulnerability
CVSS
—
No CVSS
EPSS
99.8%
p100
KEV
YES
Mar 31, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
99.8%EPSS · 30 days99.8%
2026-06-302026-07-16
Product
Sophos / Firewall
Vulnerability
Sophos Firewall Authentication Bypass Vulnerability
Added to KEV
Mar 31, 2022
Remediate by
Apr 21, 2022
Known ransomware use
No
Summary description
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-1040
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2022-3236—99.9%
KEV—80Sophos Firewall Code Injection Vulnerability—