Customers have been alerted by Sophos that the patched vulnerabilities in version 19.5 of the Sophos Firewall, which become generally available in mid-November, include some that might allow arbitrary code execution.
The most recent Sophos Firewall version includes remedies for seven vulnerabilities in addition to performance and resilience enhancements. CVE-2022-3236, which has a severity rating of “critical,” is one of the vulnerabilities fixed in version 19.5, according to a security warning published on December 1.