CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-15069

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.574

EPSS Ranking 98.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

Proposed Action

Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.

Ransomware Campaign

Unknown

References

https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal
https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal

Products affected by CVE-2020-15069

Sophos » Xg Firewall » Version: N/A

cpe:2.3:h:sophos:xg_firewall:-
Sophos » Xg Firewall Firmware » Version: 17.0

cpe:2.3:o:sophos:xg_firewall_firmware:17.0
Sophos » Xg Firewall Firmware » Version: 17.5

cpe:2.3:o:sophos:xg_firewall_firmware:17.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15069

Products

Pricing

Contact Us