Pre-auth Command Injection Vulnerability in Sophos Web Appliance
CVE-2023-1671

9.8CRITICAL

Key Information:

Vendor
Sophos
Status
Sophos Web Appliance
Vendor
CVE Published:
4 April 2023

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 94%πŸ¦… CISA ReportedπŸ“° News Worthy

Summary

A pre-auth command injection vulnerability exists in the warn-proceed handler of Sophos Web Appliance versions earlier than 4.3.10.4. This flaw allows attackers to execute arbitrary code on the affected systems, posing significant security risks if exploited. Organizations using vulnerable versions should apply the latest updates to mitigate the risk associated with this vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Sophos Web Appliance < 4.3.10.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-1671-POC
Created by W01fh4cker

CVE-2023-1671
Created by ohnonoyesyes

cve-2023-1671
Created by csffs

News Articles

favicon imageHelp Net Security

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security

CISA has added three bugs to its Known Exploited Vulnerabilities catalog, among them a critical one (CVE-2023-1671) in Sophos Web Appliance.

favicon imageThe Hacker News

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild.

favicon imageThe Cyber Express

A Pre-Auth Command Injection Sophos Vulnerability Exploited In The Wild - The Cyber Express

The pre-auth command injection Sophos vulnerability was found in the versions prior to 4.3.10.4. CVE-2023-1671 had a severity score of 9.8.

References

https://www.sophos.com/en-us/security-advisories/sophos-s...
http://packetstormsecurity.com/files/172016/Sophos-Web-Ap...

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ¦…

    CISA Reported

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by The Cyber Express

  • Vulnerability published

  • Vulnerability Reserved

.