■■■■■ Sophos’ CVE-2022-1040 zero-day was used in the wild by a state-sponsored threat actor, says Sophos.
The exploit can be triggered remotely via a crafted HTTP POST request to the authentication page of the firewall.
Workarounds exist. The best one is to take the Sophos consoles offline from the public web (host them internally).
● The exploit was used by the apparently Russia- and China-based Ragnarok ransomware group to push their malware.