CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2020-12271

CVSS 9.8v3.1pub. 2020-04-27upd. 2025-11-07

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sophos Sfos

    OS
    Sophos
    17.017.117.518.0
  • Sophos Xg Firewall

    HW
    Sophos
    wszystkie wersje

CISA KEV — detailsi

Vendori
Sophos
Producti
SFOS
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 3 maja 2022
Tags
RCESQLiFirewall
CWE
References

Related vulnerabilities

CVE-2022-1040CRITICAL9.8⚠ KEVten sam produkt

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute cod...

CVE-2020-15069CRITICAL9.8⚠ KEVten sam produkt

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S B...

CVE-2020-11503CRITICAL9.8ten sam produkt

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potential...

CVE-2022-3226HIGH7.2ten sam produkt

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sopho...

CVE-2022-3696HIGH7.2ten sam produkt

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases...