A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HSophos Sfos
OSSophos16.517.017.0.817.1≤ 16.0Sophos Xg Firewall
HWSophoswszystkie wersje
Related vulnerabilities
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute cod...
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S B...
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall dev...
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potential...
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sopho...