Sfos@* Security Vulnerabilities and Issues — Sfos@* CVE List

Lucene search

SophosSfos*

6 matches found

CVE•added 2022/03/25 12:15 p.m.•1347 views

CVE-2022-1040

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

9.8CVSS9.7AI score0.94439EPSS

CVE•added 2019/06/20 5:15 p.m.•159 views

CVE-2018-16118

A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.

9.3CVSS8.4AI score0.00427EPSS

CVE•added 2019/06/20 5:15 p.m.•132 views

CVE-2018-16117

A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.

9CVSS8.7AI score0.04EPSS

CVE•added 2022/03/29 1:15 a.m.•69 views

CVE-2022-0331

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.

5.3CVSS5.1AI score0.00335EPSS

CVE•added 2018/01/12 5:29 p.m.•40 views

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webad...

6.1CVSS6.1AI score0.00156EPSS

CVE•added 2020/06/18 4:15 p.m.•35 views

CVE-2020-11503

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.

9.8CVSS9.7AI score0.00291EPSS