Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-1040 PoC — Sophos Firewall 授权问题漏洞

Source
https://github.com/Cyb3rEnthusiast/CVE-2022-1040
Associated Vulnerability
Title:Sophos Firewall 授权问题漏洞 (CVE-2022-1040)
Description:An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
Description
New exploitation of 2020 Sophos vuln
Readme
# CVE-2022-1040-sophos-rce-poc
# sophos rce poc
sophos webmin portal auth bypass and rce all in one script;
The vulnerability affects Sophos Firewall v18.5 MR3 (18.5.3) and older

# Mitigation:
update to latest version asap
https://support.sophos.com/support/s/article/KB-000043853?language=en_US

to avoid misusing of this script its not for free:
it contains the script and a freshly dumped ip list ~190k from shodan with probably high number of vulnerable targets.
happy hunting...
https://satoshidisk.com/pay/CFMPjW
File Snapshot

 [4.0K]  /data/pocs/94ec8daa554376d19f1693fbfeba3419b7160833
├── [  35]  cve-2022-1040-mass.py
└── [ 520]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →