Multiple XSS Vulnerabilities in Sophos Firewall by Sophos
CVE-2021-25267

6.8MEDIUM

Key Information:

Vendor: Sophos
Status: Sophos Firewall
Vendor: CVE Published:; 5 May 2022

What is CVE-2021-25267?

Multiple Cross-Site Scripting (XSS) vulnerabilities in the Webadmin interface of Sophos Firewall can lead to unauthorized privilege escalation. An attacker with access to the admin panel can exploit these vulnerabilities to elevate their privileges to a super-admin level, compromising the security integrity of the firewall. Versions of Sophos Firewall prior to 19.0 GA are susceptible to these risks, emphasizing the need for timely updates and robust security practices.

Affected Version(s)

Sophos Firewall < 19.0 GA

References

https://www.sophos.com/en-us/security-advisories/sophos-s...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Jan 15, 2021

Credit

Gaetano Sapia