Sophos Firewall
tcp/443
xxxx
tcp/443
The following Sophos firewall is publicly accessible and appears to be outdated:
It is critical to update to a safe version as soon as possible, since multiple CVEs allow remote attackers to cause a DoS or achieve RCE (remote code execution) on the firewall. These vulnerabilities are currently being used in ransomware campaigns and could damage your network.
Reference:
Severity: critical
Fingerprint: 0b25d4f0a9de5b4d45769e527b15558e7b15558e7b15558e7b15558e7b15558e
Found SOPHOS firewall user portal Vulnerable to CVE-2022-1040
Malicious users exploiting this vulnerability may be able to read and/or write information to shared directories.
This may also include IPC services and lead to remote code execution.
Severity: high
Fingerprint: 22420ce026fa767de22ea8c31731519cff1ee3f68f4335c6efda8cfbd6223e07
Found open SMB shares with NT AUTHORITY/ANONYMOUS LOGON Public Web Download Music Video Eva Photo Archive X Software Misc Media Biztelli Time Machine Plex IPC$
Open service 61.220.40.181:443
2024-05-12 18:03
Found SOPHOS firewall user portal
Open service 61.220.40.181:443
2024-05-12 18:03
HTTP/1.1 302 Found Date: Fri, 22 Oct 2021 07:49:02 GMT Server: xxxx X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp Cache-Control: max-age=2592000 Expires: Sun, 21 Nov 2021 07:49:02 GMT Content-Length: 245 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 302 Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p> </body></html>
Open service 61.220.40.181:443
2024-05-08 12:59
HTTP/1.1 302 Found Date: Mon, 18 Oct 2021 02:44:17 GMT Server: xxxx X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp Cache-Control: max-age=2592000 Expires: Wed, 17 Nov 2021 02:44:17 GMT Content-Length: 245 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 302 Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p> </body></html>
Open service 61.220.40.181:443
2024-05-08 12:59
Found SOPHOS firewall user portal
Open service 61.220.40.181:443
2024-04-30 19:30
HTTP/1.1 302 Found Date: Sun, 10 Oct 2021 09:15:22 GMT Server: xxxx X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp Cache-Control: max-age=2592000 Expires: Tue, 09 Nov 2021 09:15:22 GMT Content-Length: 245 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 302 Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p> </body></html>
Open service 61.220.40.181:443
2024-04-30 19:30
Found SOPHOS firewall user portal
Open service 61.220.40.181:443
2024-04-28 18:39
HTTP/1.1 302 Found Date: Fri, 08 Oct 2021 08:24:26 GMT Server: xxxx X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp Cache-Control: max-age=2592000 Expires: Sun, 07 Nov 2021 08:24:26 GMT Content-Length: 245 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 302 Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p> </body></html>
Open service 61.220.40.181:443
2024-04-28 18:39
Found SOPHOS firewall user portal
Open service 61.220.40.181:443
2024-04-25 00:32
HTTP/1.1 302 Found Date: Mon, 04 Oct 2021 14:18:01 GMT Server: xxxx X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp Cache-Control: max-age=2592000 Expires: Wed, 03 Nov 2021 14:18:01 GMT Content-Length: 245 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 302 Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p> </body></html>
Open service 61.220.40.181:443
2024-04-25 00:32
Found SOPHOS firewall user portal
Open service 61.220.40.181:443
2024-04-24 17:30
Found SOPHOS firewall user portal
Open service 61.220.40.181:443
2024-04-24 17:30
HTTP/1.1 302 Found Date: Mon, 04 Oct 2021 07:16:08 GMT Server: xxxx X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp Cache-Control: max-age=2592000 Expires: Wed, 03 Nov 2021 07:16:08 GMT Content-Length: 245 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 302 Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p> </body></html>