Stored XSS Vulnerability in Sophos Firewall Webadmin
CVE-2022-3709

6.8 MEDIUM

Key Information:

Vendor: Sophos
CVE Published: 1 December 2022

Summary

A stored XSS vulnerability in the Webadmin import group wizard of Sophos Firewall allows an attacker who already holds admin privileges to escalate to super-admin privileges. The issue affects versions prior to 19.5 GA; successful exploitation could lead to unauthorized access and potential control over the affected system. Users are advised to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Sophos Firewall < 19.5 GA

Sophos Firewall < 19.0 MR2

Sophos Firewall < 18.5 MR5

CVSS v3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved