An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSophos Sfos
OSSophos≤ 18.5.3
CISA KEV — szczegółyi
- Dostawcai
- Sophos
- Produkti
- Firewall
- Data dodania do KEVi
- 31 marca 2022
- Termin remediation (USA)i
- 21 kwietnia 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Luka w zabezpieczeniu uwierzytelniania w User Portal i Webadmin zapory Sophos Firewall pozwala na zdalne wykonanie kodu.
▸ Pokaż oryginał (EN)
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
Powiązane podatności
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall dev...
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potential...
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow...
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG fire...
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remot...