Sfos@17.1 Security Vulnerabilities and Issues — Sfos@17.1 CVE List

Lucene search

SophosSfos17.1

3 matches found

CVE•added 2020/04/27 4:15 a.m.•1137 views

CVE-2020-12271

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack...

10CVSS9.2AI score0.83191EPSS

CVE•added 2019/06/20 5:15 p.m.•159 views

CVE-2018-16118

A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.

9.3CVSS8.4AI score0.00427EPSS

CVE•added 2019/06/20 5:15 p.m.•132 views

CVE-2018-16117

A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.

9CVSS8.7AI score0.04EPSS