Post-auth Code Injection Vulnerability in Sophos Firewall
CVE-2022-3696

7.2HIGH

Key Information:

Vendor
Sophos
Vendor
CVE Published:
1 December 2022

Summary

A post-auth code injection vulnerability exists in the Webadmin interface of Sophos Firewall. This issue enables authenticated administrators to execute arbitrary code, leading to potential exploitation and compromising the security of the affected system. It is essential for users of Sophos Firewall versions prior to 19.5 GA to take immediate action to mitigate this risk. For more details and guidance, refer to Sophos's official security advisory.

Affected Version(s)

Sophos Firewall < 19.5 GA

Sophos Firewall < 19.0 MR2

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.