HIGH✓ PATCH🇬🇧 English

CVE-2020-17352

CVSS 8.8v3.1pub. 2020-08-07upd. 2024-11-21

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Sophos Xg Firewall Firmware

    OS
    Sophos
    17.518.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEFirewallCommand Injection
CWE
Referencje

Powiązane podatności

CVE-2020-15069CRITICAL9.8⚠ KEVten sam produkt

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S B...

CVE-2020-15504CRITICAL9.8ten sam produkt

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older p...

CVE-2022-3696HIGH7.2ten sam produkt

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases...

CVE-2022-3713HIGH8.8ten sam produkt

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Fire...

CVE-2022-3226HIGH7.2ten sam produkt

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sopho...

CVE-2020-17352 — HIGH 8.8 | CVEbaza.pl