Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SOPHOS_XG_SOPHOS-SA-20220325-SFOS-RCE.NASL
HistoryApr 06, 2022 - 12:00 a.m.

Sophos XG Firewall <= 18.5.3 RCE

2022-04-0600:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
243
JSON

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159541);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id("CVE-2022-1040");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/21");

  script_name(english:"Sophos XG Firewall <= 18.5.3 RCE");

  script_set_attribute(attribute:"synopsis", value:
"The remote Sophos XG Firewall is affected by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in
Sophos Firewall version v18.5 MR3 and older.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddc1a2cb");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1040");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/06");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sophos:xg_firewall_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Firewalls");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sophos_xg_firewall_detect.nbin");
  script_require_keys("installed_sw/Sophos XG Firewall", "Settings/ParanoidReport");

  exit(0);
}

include('vcf.inc');
include('http.inc');

var app_name = 'Sophos XG Firewall';
var port = get_http_port(default:443);
var app_info = vcf::get_app_info(app:app_name, port:port, webapp:TRUE);

# Not checking hotfixes
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

var constraints = [
  {'min_version':'0.0', 'max_version':'18.5.3', 'fixed_display':'See vendor advisory'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
sophosxg_firewall_firmwarecpe:/o:sophos:xg_firewall_firmware

Related

githubexploit 7
prion 1
nuclei 1
cve 1
nessus 1
checkpoint_advisories 1
zdt 2
hivepro 2
packetstorm 1
cisa_kev 1
thn 8
attackerkb 1
talosblog 1
threatpost 1
githubexploit
githubexploit
Exploit for Vulnerability in Sophos Sfos
2022-10-07 14:44:42
Exploit for Improper Authentication in Sophos Sfos
2022-05-22 13:23:20
Exploit for Improper Authentication in Sophos Sfos
2022-05-05 10:15:38
prion
prion
Authentication flaw
2022-03-25 12:15:00
nuclei
nuclei
Sophos Firewall <=18.5 MR3 - Remote Code Execution
2022-05-06 14:57:40
cve
cve
CVE-2022-1040
2022-03-25 12:15:00
nessus
nessus
Sophos XG Firewall User Portal and Webadmin Authentication Bypass (CVE-2022-1040)
2022-05-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Sophos MR3 Firewall Remote Code Execution (CVE-2022-1040)
2022-05-24 00:00:00
zdt
zdt
Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass Vulnerability
2022-08-10 00:00:00
Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Vulnerability
2022-09-02 00:00:00
hivepro
hivepro
Sophos Firewall RCE vulnerability actively exploited
2022-03-30 13:16:02
Weekly Threat Digest: 28 March – 3 April 2022
2022-04-05 10:11:43
packetstorm
packetstorm
Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass
2022-08-10 00:00:00
cisa_kev
cisa_kev
Sophos Firewall Authentication Bypass Vulnerability
2022-03-31 00:00:00
thn
thn
Critical Sophos Firewall RCE Vulnerability Under Active Exploitation
2022-03-29 10:32:00
Hackers Target Ukrainian Software Company Using GoMet Backdoor
2022-07-21 12:02:00
Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances
2022-03-30 03:25:00
attackerkb
attackerkb
CVE-2022-1040
2022-03-25 00:00:00
talosblog
talosblog
Attackers target Ukraine using GoMet backdoor
2022-07-21 12:00:00
threatpost
threatpost
Critical Sophos Security Bug Allows RCE on Firewalls
2022-03-28 17:33:43
JSON
Related for SOPHOS_XG_SOPHOS-SA-20220325-SFOS-RCE.NASL
githubexploit7prion1nuclei1cve1nessus1checkpoint_advisories1zdt2hivepro2packetstorm1cisa_kev1thn8attackerkb1talosblog1threatpost1