80 matches found
CVE-2020-12271
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...
EUVD-2018-7973
Malware in sbrugna...
EUVD-2018-7974
Malware in sbrugna...
EUVD-2020-9306
Malware in sbrugna...
EUVD-2017-9154
Malware in sbrugna...
EUVD-2020-3856
Malware in sbrugna...
EUVD-2018-7972
Malware in sbrugna...
EUVD-2020-7496
Malware in sbrugna...
Sophos XG Firewall <= 17.5.12 RCE
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x. Note that Nessus has not tested for this issue but has instead relied only on the...
CVE-2020-17352
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code...
CVE-2020-11503
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely...
CVE-2020-15069
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x...
CVE-2018-16116
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter...
CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header...
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter...
Sophos XG Firewall Buffer Overflow Vulnerability
Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature...
VulnCheck KEV: CVE-2020-15069
Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature...
Sophos XG Firewall <= 19.0.1 RCE
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...
Sophos XG Firewall User Portal and Webadmin Authentication Bypass (CVE-2022-1040)
Binary data sophosxgfirewallcve-2022-1040.nbin...
Sophos XG Firewall <= 18.5.3 RCE
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEV...