Shell Escape Vulnerability in Sophos XG Firewall
CVE-2018-16118

8.1HIGH

Key Information:

Vendor

Sophos
Status
Sfos
Vendor
CVE Published:
20 June 2019

What is CVE-2018-16118?

A shell escape vulnerability exists in the API Configuration component of Sophos XG Firewall (version 17.0.8 MR-8). This vulnerability allows remote attackers to execute arbitrary operating system commands by exploiting shell metacharacters in the 'X-Forwarded-For' HTTP header. Successful exploitation can lead to unauthorized access and control over the affected system, posing significant risks to network security.

References

https://www.sophos.com/en-us/legal/sophos-responsible-dis...
x_refsource_MISC
https://github.com/klsecservices/Advisories/blob/master/K...
x_refsource_MISC
https://community.sophos.com/kb/en-us/132637
x_refsource_CONFIRM

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.