
CVE-2022-3710 : What You Need to Know


A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.

Understanding CVE-2022-3710

This CVE describes a post-authentication SQL injection vulnerability in Sophos Firewall releases prior to version 19.5 GA.

What is CVE-2022-3710?

CVE-2022-3710 is a SQL injection flaw in the API controller of Sophos Firewall. An API client that has already authenticated can inject SQL into a request and read non-sensitive rows from the configuration database. The injection is read-only: it widens what a query returns but cannot be used to modify the configuration.

The Impact of CVE-2022-3710

The vulnerability carries a CVSS base score of 2.7 (Low). The score is low because exploitation requires valid API credentials, the injection is read-only, and the data reachable through it is non-sensitive configuration content. The impact is therefore limited to unauthorized disclosure of that configuration data, not modification of firewall behaviour or full administrative compromise.

Technical Details of CVE-2022-3710

This section provides a more in-depth look into the vulnerability.

Vulnerability Description

The API controller incorporates client-supplied input into a database query in a way that lets the input change the query itself. An authenticated API client can exploit this to read configuration database contents the request was never meant to expose. Because the affected code path only reads from the database, the attacker cannot insert, update or delete configuration data through it.

Affected Systems and Versions

Sophos Firewall releases older than version 19.5 GA are affected. On the 19.0 line, releases earlier than 19.0 MR2 are also listed as affected, so 19.0 MR2 and 19.5 GA are the two release thresholds to check against when assessing exposure.

Exploitation Mechanism

Exploitation requires an API client that has already authenticated to the firewall. The client submits an API request whose parameter value contains SQL syntax; the API controller passes that value into its query, and the injected SQL causes the query to return configuration database rows outside the intended result set. Only reads are possible, so the outcome is disclosure of non-sensitive configuration information rather than tampering.
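To make the vulnerability description and exploitation mechanism above concrete, the following is an added illustrative example written for this page; it is not Sophos code and does not reflect the real Sophos Firewall database schema or API. It uses a constructed in-memory SQLite database with made-up tables (`interfaces`, `admin_settings`) and a hypothetical lookup handler in two forms: one that splices the API parameter into the SQL text, and one that binds it as a query parameter. A read-only authorizer on the connection models why the injection can read but not write.

```python
import sqlite3

# Constructed sample schema and rows for illustration only. This is NOT the
# Sophos Firewall configuration database and NOT Sophos code.
def build_config_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE interfaces (name TEXT, ip TEXT);
        CREATE TABLE admin_settings (setting TEXT, val TEXT);
        INSERT INTO interfaces VALUES ('Port1', '192.0.2.1');
        INSERT INTO interfaces VALUES ('Port2', '198.51.100.1');
        INSERT INTO admin_settings VALUES ('hostname', 'fw-edge-01');
        INSERT INTO admin_settings VALUES ('syslog_server', '203.0.113.50');
    """)
    return conn


def make_read_only(conn):
    """Model a read-only database handle: allow SELECT/READ, deny everything else.

    This is what makes the injection below 'read-only': the attacker can widen
    what a query returns but cannot turn the request into a write.
    """
    def authorizer(action, arg1, arg2, dbname, trigger):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)


def lookup_interface_vulnerable(conn, name):
    """Hypothetical API handler: the client-supplied value becomes part of the SQL text."""
    sql = f"SELECT name, ip FROM interfaces WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_interface_fixed(conn, name):
    """Hardened handler: the value is bound as a parameter and can never become SQL."""
    sql = "SELECT name, ip FROM interfaces WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def write_is_denied(conn):
    """Show the read-only boundary: a write through the same handle is refused."""
    try:
        conn.execute("UPDATE admin_settings SET val = 'x' WHERE setting = 'syslog_server'")
    except sqlite3.DatabaseError:
        return True
    return False


# Constructed injection payload: closes the quoted literal, appends a UNION that
# pulls rows from an unrelated table, and comments out the dangling quote.
PAYLOAD = "Port1' UNION ALL SELECT setting, val FROM admin_settings --"

if __name__ == "__main__":
    db = build_config_db()
    make_read_only(db)
    # The vulnerable handler returns Port1 plus every admin_settings row.
    print("vulnerable:", lookup_interface_vulnerable(db, PAYLOAD))
    # The fixed handler looks for an interface literally named like the payload: none.
    print("fixed:     ", lookup_interface_fixed(db, PAYLOAD))
    # Even through the vulnerable path, the handle cannot be used to modify data.
    print("write denied:", write_is_denied(db))
```

The fix is parameter binding, not input filtering: with `?` placeholders the driver sends the value separately from the query text, so quotes and `UNION` inside it are just characters in a string. The authorizer is the example's stand-in for whatever keeps the real API path read-only; it explains why this class of bug scores as information disclosure rather than configuration tampering, but it is not a substitute for fixing the query.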

Mitigation and Prevention

Here are some steps to mitigate and prevent exploitation of CVE-2022-3710.

Immediate Steps to Take

        Upgrade to version 19.5 GA or later; on the 19.0 line, move to at least 19.0 MR2, which carries the fix.
        Reduce API exposure: disable the API if it is not used, otherwise limit it to an allow-list of trusted management hosts and issue API credentials only to accounts that need them. Review API request logs for parameter values containing quote characters or SQL keywords.

Long-Term Security Practices

        Regularly update the firewall software to the latest version to patch known vulnerabilities.
        Conduct security training for personnel to enhance awareness of SQL injection risks.

Patching and Updates

Stay informed about security advisories from Sophos and promptly apply patches to address any identified vulnerabilities.
