Stored XSS Vulnerability in Sophos Firewall Webadmin
CVE-2022-3709
8.4 HIGH
What is CVE-2022-3709?
A stored XSS vulnerability exists in the Webadmin import group wizard of Sophos Firewall. It allows an attacker who already holds admin privileges to escalate to super-admin privileges. The issue affects all versions prior to 19.5 GA and could lead to unauthorized access to, and potential control over, the affected system. Users are advised to upgrade to the latest version to mitigate this risk.
Affected Version(s)
Sophos Firewall < 19.5 GA
Sophos Firewall < 19.0 MR2
Sophos Firewall < 18.5 MR5