SQL Injection Vulnerability in Sophos XG Firewall by Sophos
CVE-2020-15504

9.8CRITICAL

Key Information:

Vendor
Sophos
Vendor
CVE Published:
10 July 2020

Summary

A SQL injection vulnerability exists within the user and admin web interfaces of the Sophos XG Firewall, enabling attackers to execute arbitrary code remotely. This flaw affects versions of the firewall prior to v18.0 MR1 and poses significant risks to system integrity and data security. A remedy has been introduced in the re-release of XG Firewall v18 MR-1 (MR-1-Build396), and users are advised to update to the patched versions immediately.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.