Pre-Authentication SQL Injection Vulnerability in Sophos Firewall
CVE-2024-12727

9.8CRITICAL

Key Information:

Vendor: Sophos
Status: Sophos Firewall
Vendor: CVE Published:; 19 December 2024

Badges

📈 Score: 459👾 Exploit Exists📰 News Worthy

What is CVE-2024-12727?

CVE-2024-12727 presents a critical pre-authentication SQL injection vulnerability within the email protection feature of Sophos Firewall, specifically affecting versions prior to 21.0 MR1 (21.0.1). When exploited, this vulnerability allows an attacker to access the reporting database, providing a pathway for remote code execution, particularly under certain configurations of the Secure PDF eXchange (SPX) feature in conjunction with the firewall's High Availability (HA) mode. Organizations utilizing the affected versions are strongly advised to upgrade to prevent potential exploitation.

Affected Version(s)

Sophos Firewall 0 < 21.0 MR1 (21.0.1)

News Articles

The Hacker News

CVE-2024-12727 CVE-2024-12728

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Hotfixes address critical CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 flaws in Sophos Firewalls. Update to v21 MR1+ for security.

References

https://www.sophos.com/en-us/security-advisories/sophos-s...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Dec 20, 2024
📰
First article discovered by The Hacker News
Dec 20, 2024
Vulnerability published
Dec 19, 2024
Vulnerability Reserved
Dec 17, 2024