Vulnerabilites related to sophos - xg_firewall_firmware
cve-2020-15069
Vulnerability from cvelistv5
Published
2020-06-29 17:30
Modified
2025-02-10 18:10
Severity ?
EPSS score ?
Summary
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
References
| ▼ | URL | Tags |
|---|---|---|
| https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-15069",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T04:55:31.279894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-02-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-15069"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T18:10:48.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T17:30:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal",
"refsource": "CONFIRM",
"url": "https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15069",
"datePublished": "2020-06-29T17:30:18.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2025-02-10T18:10:48.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3226
Vulnerability from cvelistv5
Published
2022-12-01 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sophos | Sophos Firewall |
Version: unspecified < 19.5 GA Version: unspecified < 19.0 MR2 Version: unspecified < 18.5 MR5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sophos Firewall",
"vendor": "Sophos",
"versions": [
{
"lessThan": "19.5 GA",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.0 MR2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.5 MR5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00",
"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"shortName": "Sophos"
},
"references": [
{
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"assignerShortName": "Sophos",
"cveId": "CVE-2022-3226",
"datePublished": "2022-12-01T00:00:00",
"dateReserved": "2022-09-15T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3696
Vulnerability from cvelistv5
Published
2022-12-01 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sophos | Sophos Firewall |
Version: unspecified < 19.5 GA Version: unspecified < 19.0 MR2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sophos Firewall",
"vendor": "Sophos",
"versions": [
{
"lessThan": "19.5 GA",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.0 MR2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00",
"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"shortName": "Sophos"
},
"references": [
{
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"assignerShortName": "Sophos",
"cveId": "CVE-2022-3696",
"datePublished": "2022-12-01T00:00:00",
"dateReserved": "2022-10-26T00:00:00",
"dateUpdated": "2024-08-03T01:14:03.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15504
Vulnerability from cvelistv5
Published
2020-07-10 16:55
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.
References
| ▼ | URL | Tags |
|---|---|---|
| https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions \u003e= 17.0 have received a hotfix."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T16:55:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions \u003e= 17.0 have received a hotfix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504",
"refsource": "CONFIRM",
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15504",
"datePublished": "2020-07-10T16:55:15",
"dateReserved": "2020-07-02T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3713
Vulnerability from cvelistv5
Published
2022-12-01 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sophos | Sophos Firewall |
Version: unspecified < 19.5 GA Version: unspecified < 19.0 MR2 Version: unspecified < 18.5 MR5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sophos Firewall",
"vendor": "Sophos",
"versions": [
{
"lessThan": "19.5 GA",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.0 MR2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.5 MR5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00",
"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"shortName": "Sophos"
},
"references": [
{
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"assignerShortName": "Sophos",
"cveId": "CVE-2022-3713",
"datePublished": "2022-12-01T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-08-03T01:20:57.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3711
Vulnerability from cvelistv5
Published
2022-12-01 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sophos | Sophos Firewall |
Version: unspecified < 19.5 GA Version: unspecified < 19.0 MR2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sophos Firewall",
"vendor": "Sophos",
"versions": [
{
"lessThan": "19.5 GA",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.0 MR2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00",
"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"shortName": "Sophos"
},
"references": [
{
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"assignerShortName": "Sophos",
"cveId": "CVE-2022-3711",
"datePublished": "2022-12-01T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-08-03T01:20:57.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3710
Vulnerability from cvelistv5
Published
2022-12-01 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sophos | Sophos Firewall |
Version: unspecified < 19.5 GA Version: unspecified < 19.0 MR2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sophos Firewall",
"vendor": "Sophos",
"versions": [
{
"lessThan": "19.5 GA",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.0 MR2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Erik de Jong"
}
],
"descriptions": [
{
"lang": "en",
"value": "A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00",
"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"shortName": "Sophos"
},
"references": [
{
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"assignerShortName": "Sophos",
"cveId": "CVE-2022-3710",
"datePublished": "2022-12-01T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-08-03T01:20:57.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3709
Vulnerability from cvelistv5
Published
2022-12-01 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sophos | Sophos Firewall |
Version: unspecified < 19.5 GA Version: unspecified < 19.0 MR2 Version: unspecified < 18.5 MR5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sophos Firewall",
"vendor": "Sophos",
"versions": [
{
"lessThan": "19.5 GA",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.0 MR2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.5 MR5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00",
"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"shortName": "Sophos"
},
"references": [
{
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"assignerShortName": "Sophos",
"cveId": "CVE-2022-3709",
"datePublished": "2022-12-01T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-08-03T01:20:57.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-17352
Vulnerability from cvelistv5
Published
2020-08-07 19:50
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://community.sophos.com/b/security-blog | x_refsource_MISC | |
| https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.sophos.com/b/security-blog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-07T19:50:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.sophos.com/b/security-blog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-17352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.sophos.com/b/security-blog",
"refsource": "MISC",
"url": "https://community.sophos.com/b/security-blog"
},
{
"name": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352",
"refsource": "MISC",
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17352",
"datePublished": "2020-08-07T19:50:04",
"dateReserved": "2020-08-05T00:00:00",
"dateUpdated": "2024-08-04T13:53:17.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-12-01 18:15
Modified
2024-11-21 07:20
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | xg_firewall_firmware | * | |
| sophos | xg_firewall | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6847B871-B1A5-440F-8B11-93B77D9D13CC",
"versionEndIncluding": "19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:xg_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9628D079-44BD-479E-BE63-9BEF824B4E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL de solo lectura posterior a la autenticaci\u00f3n permite a los usuarios leer contenidos de bases de datos de configuraci\u00f3n no confidenciales en el Portal de usuario de versiones de Sophos Firewall anteriores a la versi\u00f3n 19.5 GA."
}
],
"id": "CVE-2022-3711",
"lastModified": "2024-11-21T07:20:05.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-alert@sophos.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-01T18:15:10.503",
"references": [
{
"source": "security-alert@sophos.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"sourceIdentifier": "security-alert@sophos.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-29 18:15
Modified
2025-02-07 02:00
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | xg_firewall_firmware | * | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall | - |
{
"cisaActionDue": "2025-02-27",
"cisaExploitAdd": "2025-02-06",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Sophos XG Firewall Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A546ABB9-136E-4118-B0ED-E801EFE01863",
"versionEndExcluding": "17.5",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:-:*:*:*:*:*:*",
"matchCriteriaId": "F3BBDD37-5675-43F6-A298-A1E7CBDC68EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "2AB6515B-F780-4B1B-BD1E-2EBEFCA09E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10:*:*:*:*:*:*",
"matchCriteriaId": "2AD1DF62-D9CF-40BD-B9F0-D66D8CF497A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11:*:*:*:*:*:*",
"matchCriteriaId": "FF3BC5B5-9440-4B70-BD38-A7ABDE8EDF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12:*:*:*:*:*:*",
"matchCriteriaId": "CF5A6965-C9DA-4D96-ABCC-2FA424B53C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "9A73BC58-7D57-4699-8C1A-F260CA6893ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4:*:*:*:*:*:*",
"matchCriteriaId": "70FF0E57-77CA-4DC1-94EB-8728AAECE268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5:*:*:*:*:*:*",
"matchCriteriaId": "7B791A90-1286-4CBF-ADCE-E0B9D128DEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6:*:*:*:*:*:*",
"matchCriteriaId": "8A9EAA0D-D5A1-41C1-9EA1-9B4CFA0F8C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7:*:*:*:*:*:*",
"matchCriteriaId": "D3BD6BB0-8D01-4B33-8989-D424ABE9453D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8:*:*:*:*:*:*",
"matchCriteriaId": "496397CE-77F5-4773-A1AC-A05D34C697E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9:*:*:*:*:*:*",
"matchCriteriaId": "4A3FA1DC-64AF-4557-B9EC-E1A0A07FACB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:xg_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9628D079-44BD-479E-BE63-9BEF824B4E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x."
},
{
"lang": "es",
"value": "Sophos XG Firewall versiones 17.x hasta v17.5 MR12, permite un desbordamiento de b\u00fafer y una ejecuci\u00f3n de c\u00f3digo remota por medio de la funcionalidad HTTP/S Bookmarks para acceso sin cliente. La Hotfix HF062020.1 fue publicada para todos los firewalls que ejecutan versi\u00f3n v17.x"
}
],
"id": "CVE-2020-15069",
"lastModified": "2025-02-07T02:00:02.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-06-29T18:15:12.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-10 17:15
Modified
2024-11-21 05:05
Severity ?
Summary
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | xg_firewall_firmware | * | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 18.0 | |
| sophos | xg_firewall_firmware | 18.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63DDC3B1-5437-41C6-8706-5768F7E32C38",
"versionEndIncluding": "17.5",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "2AB6515B-F780-4B1B-BD1E-2EBEFCA09E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10:*:*:*:*:*:*",
"matchCriteriaId": "2AD1DF62-D9CF-40BD-B9F0-D66D8CF497A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11:*:*:*:*:*:*",
"matchCriteriaId": "FF3BC5B5-9440-4B70-BD38-A7ABDE8EDF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12:*:*:*:*:*:*",
"matchCriteriaId": "CF5A6965-C9DA-4D96-ABCC-2FA424B53C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "9A73BC58-7D57-4699-8C1A-F260CA6893ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4:*:*:*:*:*:*",
"matchCriteriaId": "70FF0E57-77CA-4DC1-94EB-8728AAECE268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5:*:*:*:*:*:*",
"matchCriteriaId": "7B791A90-1286-4CBF-ADCE-E0B9D128DEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6:*:*:*:*:*:*",
"matchCriteriaId": "8A9EAA0D-D5A1-41C1-9EA1-9B4CFA0F8C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7:*:*:*:*:*:*",
"matchCriteriaId": "D3BD6BB0-8D01-4B33-8989-D424ABE9453D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8:*:*:*:*:*:*",
"matchCriteriaId": "496397CE-77F5-4773-A1AC-A05D34C697E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9:*:*:*:*:*:*",
"matchCriteriaId": "4A3FA1DC-64AF-4557-B9EC-E1A0A07FACB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "66BCC2C8-DDBD-4AF7-807A-BC9F5D4AC6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "5855684F-6505-4B4E-AF65-5E3CECD4CC25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions \u003e= 17.0 have received a hotfix."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en las interfaces web de usuario y administrador de Sophos XG Firewall versiones v18.0 MR1 y anteriores, permite potencialmente a un atacante ejecutar c\u00f3digo arbitrario remotamente. La correcci\u00f3n est\u00e1 incorporada en el relanzamiento de XG Firewall versi\u00f3n v18 MR-1 (llamado MR-1-Build396) y la versi\u00f3n v17.5 MR13. Todas las dem\u00e1s versiones superiores a 17.0 incluy\u00e9ndola, han recibido una revisi\u00f3n"
}
],
"id": "CVE-2020-15504",
"lastModified": "2024-11-21T05:05:39.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-10T17:15:10.817",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-01 18:15
Modified
2024-11-21 07:20
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Summary
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | xg_firewall_firmware | * | |
| sophos | xg_firewall | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6847B871-B1A5-440F-8B11-93B77D9D13CC",
"versionEndIncluding": "19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:xg_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9628D079-44BD-479E-BE63-9BEF824B4E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA."
},
{
"lang": "es",
"value": "Una vulnerabilidad XSS almacenada permite escalar privilegios de administrador a superadministrador en el asistente de importaci\u00f3n de grupos Webadmin de versiones de Sophos Firewall anteriores a la versi\u00f3n 19.5 GA."
}
],
"id": "CVE-2022-3709",
"lastModified": "2024-11-21T07:20:05.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "security-alert@sophos.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-01T18:15:10.397",
"references": [
{
"source": "security-alert@sophos.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"sourceIdentifier": "security-alert@sophos.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-01 18:15
Modified
2024-11-21 07:19
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | xg_firewall_firmware | * | |
| sophos | xg_firewall | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6847B871-B1A5-440F-8B11-93B77D9D13CC",
"versionEndIncluding": "19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:xg_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9628D079-44BD-479E-BE63-9BEF824B4E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo permite a los administradores ejecutar c\u00f3digo a trav\u00e9s de cargas de configuraci\u00f3n de VPN SSL en versiones de Sophos Firewall anteriores a la versi\u00f3n 19.5 GA."
}
],
"id": "CVE-2022-3226",
"lastModified": "2024-11-21T07:19:05.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@sophos.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-01T18:15:10.287",
"references": [
{
"source": "security-alert@sophos.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"sourceIdentifier": "security-alert@sophos.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-01 18:15
Modified
2024-11-21 07:20
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | xg_firewall_firmware | * | |
| sophos | xg_firewall | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6FDEB7-9C9F-4D08-8A83-D0C7B1A4EEC7",
"versionEndExcluding": "19.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:xg_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9628D079-44BD-479E-BE63-9BEF824B4E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL de solo lectura posterior a la autenticaci\u00f3n permite a los clientes API leer contenidos de bases de datos de configuraci\u00f3n no confidenciales en el controlador API de versiones de Sophos Firewall anteriores a la versi\u00f3n 19.5 GA."
}
],
"id": "CVE-2022-3710",
"lastModified": "2024-11-21T07:20:05.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "security-alert@sophos.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-01T18:15:10.453",
"references": [
{
"source": "security-alert@sophos.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"sourceIdentifier": "security-alert@sophos.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-01 18:15
Modified
2024-11-21 07:20
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | xg_firewall_firmware | * | |
| sophos | xg_firewall | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6847B871-B1A5-440F-8B11-93B77D9D13CC",
"versionEndIncluding": "19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:xg_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9628D079-44BD-479E-BE63-9BEF824B4E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo permite a atacantes adyacentes ejecutar c\u00f3digo en el controlador Wifi de versiones de Sophos Firewall anteriores a la versi\u00f3n 19.5 GA."
}
],
"id": "CVE-2022-3713",
"lastModified": "2024-11-21T07:20:05.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-alert@sophos.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-01T18:15:10.553",
"references": [
{
"source": "security-alert@sophos.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"sourceIdentifier": "security-alert@sophos.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-07 20:15
Modified
2024-11-21 05:07
Severity ?
Summary
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 17.5 | |
| sophos | xg_firewall_firmware | 18.0 | |
| sophos | xg_firewall_firmware | 18.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:-:*:*:*:*:*:*",
"matchCriteriaId": "F3BBDD37-5675-43F6-A298-A1E7CBDC68EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "2AB6515B-F780-4B1B-BD1E-2EBEFCA09E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10:*:*:*:*:*:*",
"matchCriteriaId": "2AD1DF62-D9CF-40BD-B9F0-D66D8CF497A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11:*:*:*:*:*:*",
"matchCriteriaId": "FF3BC5B5-9440-4B70-BD38-A7ABDE8EDF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12:*:*:*:*:*:*",
"matchCriteriaId": "CF5A6965-C9DA-4D96-ABCC-2FA424B53C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "9A73BC58-7D57-4699-8C1A-F260CA6893ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4:*:*:*:*:*:*",
"matchCriteriaId": "70FF0E57-77CA-4DC1-94EB-8728AAECE268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5:*:*:*:*:*:*",
"matchCriteriaId": "7B791A90-1286-4CBF-ADCE-E0B9D128DEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6:*:*:*:*:*:*",
"matchCriteriaId": "8A9EAA0D-D5A1-41C1-9EA1-9B4CFA0F8C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7:*:*:*:*:*:*",
"matchCriteriaId": "D3BD6BB0-8D01-4B33-8989-D424ABE9453D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8:*:*:*:*:*:*",
"matchCriteriaId": "496397CE-77F5-4773-A1AC-A05D34C697E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9:*:*:*:*:*:*",
"matchCriteriaId": "4A3FA1DC-64AF-4557-B9EC-E1A0A07FACB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "66BCC2C8-DDBD-4AF7-807A-BC9F5D4AC6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:mr1:*:*:*:*:*:*",
"matchCriteriaId": "D0D55C63-0190-4F6D-BF8A-C135E0D2BDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code."
},
{
"lang": "es",
"value": "Dos vulnerabilidades de inyecci\u00f3n de comandos de Sistema Operativo en el portal de Usuario de Sophos XG Firewall hasta el 05-08-2020, permiten potencialmente a un atacante autenticado ejecutar c\u00f3digo arbitrario remotamente"
}
],
"id": "CVE-2020-17352",
"lastModified": "2024-11-21T05:07:55.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-07T20:15:12.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://community.sophos.com/b/security-blog"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.sophos.com/b/security-blog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-01 18:15
Modified
2024-11-21 07:20
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | xg_firewall_firmware | * | |
| sophos | xg_firewall | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6847B871-B1A5-440F-8B11-93B77D9D13CC",
"versionEndIncluding": "19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:xg_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9628D079-44BD-479E-BE63-9BEF824B4E4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo posterior a la autenticaci\u00f3n permite a los administradores ejecutar c\u00f3digo en Webadmin de versiones de Sophos Firewall anteriores a la versi\u00f3n 19.5 GA."
}
],
"id": "CVE-2022-3696",
"lastModified": "2024-11-21T07:20:03.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@sophos.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-01T18:15:10.343",
"references": [
{
"source": "security-alert@sophos.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
}
],
"sourceIdentifier": "security-alert@sophos.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}