SQL Injection Vulnerability in Sophos XG Firewall by Sophos
CVE-2020-15504
9.8CRITICAL
Summary
A SQL injection vulnerability exists within the user and admin web interfaces of the Sophos XG Firewall, enabling attackers to execute arbitrary code remotely. This flaw affects versions of the firewall prior to v18.0 MR1 and poses significant risks to system integrity and data security. A remedy has been introduced in the re-release of XG Firewall v18 MR-1 (MR-1-Build396), and users are advised to update to the patched versions immediately.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved