Stored XSS Vulnerability in Sophos Firewall Webadmin
CVE-2022-3709
6.8 MEDIUM
Summary
A stored XSS vulnerability exists in the Webadmin import group wizard of Sophos Firewall, allowing an attacker with admin privileges to escalate to super-admin privileges. This issue affects all versions prior to 19.5 GA and could lead to unauthorized access to, and potential control over, the affected system. Users are advised to upgrade to the latest version to mitigate this risk.
Affected Version(s)
Sophos Firewall < 19.5 GA
Sophos Firewall < 19.0 MR2
Sophos Firewall < 18.5 MR5
CVSS V3.1
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved