Sfos@17.0 Security Vulnerabilities and Issues — Sfos@17.0 CVE List

Lucene search

SophosSfos17.0

3 matches found

CVE•added 2020/04/27 4:15 a.m.•1137 views

CVE-2020-12271

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack...

10CVSS9.2AI score0.83191EPSS

CVE•added 2019/06/20 5:15 p.m.•159 views

CVE-2018-16118

A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.

9.3CVSS8.4AI score0.00427EPSS

CVE•added 2018/01/12 5:29 p.m.•40 views

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webad...

6.1CVSS6.1AI score0.00156EPSS