Post-auth Code Injection Vulnerability in Sophos Firewall
CVE-2022-3696
7.2HIGH
Summary
A post-auth code injection vulnerability exists in the Webadmin interface of Sophos Firewall. This issue enables authenticated administrators to execute arbitrary code, leading to potential exploitation and compromising the security of the affected system. It is essential for users of Sophos Firewall versions prior to 19.5 GA to take immediate action to mitigate this risk. For more details and guidance, refer to Sophos's official security advisory.
Affected Version(s)
Sophos Firewall < 19.5 GA
Sophos Firewall < 19.0 MR2
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved