Lucene search

K

8 matches found

CVE
CVE
added 2022/03/25 12:15 p.m.1346 views

CVE-2022-1040

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

9.8CVSS9.7AI score0.94439EPSS
CVE
CVE
added 2020/04/27 4:15 a.m.1136 views

CVE-2020-12271

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack...

10CVSS9.2AI score0.83191EPSS
CVE
CVE
added 2019/06/20 5:15 p.m.159 views

CVE-2018-16118

A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.

9.3CVSS8.4AI score0.00427EPSS
CVE
CVE
added 2019/06/20 5:15 p.m.132 views

CVE-2018-16117

A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.

9CVSS8.7AI score0.04EPSS
CVE
CVE
added 2019/06/20 5:15 p.m.129 views

CVE-2018-16116

SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.

8.8CVSS8.8AI score0.00286EPSS
CVE
CVE
added 2022/03/29 1:15 a.m.69 views

CVE-2022-0331

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.

5.3CVSS5.1AI score0.00335EPSS
CVE
CVE
added 2018/01/12 5:29 p.m.40 views

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webad...

6.1CVSS6.1AI score0.00156EPSS
CVE
CVE
added 2020/06/18 4:15 p.m.35 views

CVE-2020-11503

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.

9.8CVSS9.7AI score0.00291EPSS