Post-Authentication Command Injection in Sophos Web Appliance
CVE-2022-4934
7.2HIGH
Summary
A post-authentication command injection vulnerability exists in the exception wizard of Sophos Web Appliance versions prior to 4.3.10.4. This flaw allows authenticated administrators to execute arbitrary code remotely, potentially compromising the integrity of the system. This presents a significant risk to organizations utilizing affected versions as it could lead to unauthorized actions being performed at the administrative level.
Affected Version(s)
Sophos Web Appliance < 4.3.10.4
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved