Pre-auth Command Injection Vulnerability in Sophos Web Appliance
CVE-2023-1671
Key Information:
- Vendor
- Sophos
- Status
- Vendor
- CVE Published:
- 4 April 2023
Badges
Summary
A pre-auth command injection vulnerability exists in the warn-proceed handler of Sophos Web Appliance versions earlier than 4.3.10.4. This flaw allows attackers to execute arbitrary code on the affected systems, posing significant security risks if exploited. Organizations using vulnerable versions should apply the latest updates to mitigate the risk associated with this vulnerability.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Sophos Web Appliance < 4.3.10.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security
CISA has added three bugs to its Known Exploited Vulnerabilities catalog, among them a critical one (CVE-2023-1671) in Sophos Web Appliance.
CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild.

A Pre-Auth Command Injection Sophos Vulnerability Exploited In The Wild - The Cyber Express
The pre-auth command injection Sophos vulnerability was found in the versions prior to 4.3.10.4. CVE-2023-1671 had a severity score of 9.8.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π¦
CISA Reported
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by The Cyber Express
Vulnerability published
Vulnerability Reserved