14 matches found
EUVD-2021-12179
Malware in sbrugna...
CVE-2021-25268
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA...
Malicious Package
Overview sfos-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
MAL-2022-6065 Malicious code in sfos-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d35db97fc7f564a72dbdff02e662109b9cd933adf377fbb61251d42f674589b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sfos-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d35db97fc7f564a72dbdff02e662109b9cd933adf377fbb61251d42f674589b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Design/Logic Flaw
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA...
CVE-2021-25268
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA...
CVE-2021-25268
CVE-2021-25268 describes multiple XSS flaws in Sophos Firewall Webadmin that enable privilege escalation from a MySophos admin to an SFOS admin on systems running Sophos Firewall older than version 19.0 GA. The root cause is XSS in the Webadmin interface leading to higher-privilege access. Docume...
Sophos SFOS SQL Injection Vulnerability
Sophos Firewall operating system SFOS firmware contains a SQL injection vulnerability when configured with either the administration HTTPS service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords fo...
CVE-2020-12271
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...
Sql injection
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...
CVE-2020-12271
CVE-2020-12271 is a SQL injection vulnerability in Sophos XG Firewall SFOS against the backend PostgreSQL database. Affected products include SFOS versions on Sophos XG Firewalls (configured with Administration HTTPS or WAN-exposed User Portal). The root cause is improper validation of user-suppl...
CVE-2020-12271
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...
CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...