Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks Pierluigi Paganini December 13, 2023 Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions […]
Around 1,450 instances of pfSense, an open-source firewall and router software, are vulnerable to command injection and cross-site scripting flaws. These flaws, if exploited together, could allow attackers to execute remote code on the system.
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. “Attackers can utilize their own Cloudflare accounts to abuse the per-design trust-relationship between Cloudflare and the customers’ websites, rendering the protection mechanism ineffective,” Certitude researcher […]
The effectiveness of Cloudflare’s Firewall and DDoS prevention has been proven to be compromised by an attack technique that takes the use of logical vulnerabilities in cross-tenant security policies. This finding has sparked worries about possible vulnerabilities that could damage the security company’s clients. How Does the Cloudflare Attack Work? The attack only requires the creation […]