Lucene search
HistorySep 07, 2022 - 6:15 p.m.
CVE-2022-1807
cve-2022-1807
sql injection
webadmin
privilege escalation
sophos firewall
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.6%
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.
Affected configurations
Node
sophosfirewallRange<18.5
ORsophosfirewallMatch18.5-
ORsophosfirewallMatch18.5mr1
ORsophosfirewallMatch18.5mr1-1
ORsophosfirewallMatch18.5mr2
ORsophosfirewallMatch18.5mr3
ORsophosfirewallMatch19.0-
| CPE | Name | Operator | Version |
|---|---|---|---|
| sophos:firewall | sophos firewall | lt | 18.5 |
| sophos:firewall | sophos firewall | eq | 19.0 |
CNA Affected
[
{
"product": "Sophos Firewall",
"vendor": "Sophos",
"versions": [
{
"lessThan": "18.5 MR4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.0 MR1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
prion
prion
Sql injection
2022-09-07 18:15:00
cvelist
cvelist
CVE-2022-1807
2022-09-07 18:00:14
nvd
nvd
CVE-2022-1807
2022-09-07 18:15:08
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.6%
Related for CVE-2022-1807