Stored XSS Vulnerability in Sophos Firewall Webadmin
CVE-2022-3709

6.8MEDIUM

Key Information:

Vendor: Sophos
Status: Sophos Firewall
Vendor: CVE Published:; 1 December 2022

Summary

A stored XSS vulnerability exists in the Webadmin import group wizard of Sophos Firewall, allowing an attacker with admin privileges to escalate to super-admin privileges. This issue affects all versions prior to 19.5 GA, which could lead to unauthorized access and potential control over the affected system. Users are advised to upgrade to the latest version to mitigate this risk effectively.

Affected Version(s)

Sophos Firewall < 19.5 GA

Sophos Firewall < 19.0 MR2

Sophos Firewall < 18.5 MR5

References

https://www.sophos.com/en-us/security-advisories/sophos-s...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 1, 2022
Vulnerability Reserved
Oct 27, 2022