CRITICAL✓ PATCH🇬🇧 English

CVE-2020-15504

CVSS 9.8v3.1pub. 2020-07-10upd. 2024-11-21

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sophos Xg Firewall Firmware

    OS
    Sophos
    17.518.017.0 – 17.5
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
SQLiFirewall
CWE
Referencje

Powiązane podatności

CVE-2020-15069CRITICAL9.8⚠ KEVten sam produkt

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S B...

CVE-2022-3226HIGH7.2ten sam produkt

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sopho...

CVE-2022-3696HIGH7.2ten sam produkt

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases...

CVE-2022-3713HIGH8.8ten sam produkt

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Fire...

CVE-2020-17352HIGH8.8ten sam produkt

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potential...