CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-15504

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504
https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504

Products affected by CVE-2020-15504

Sophos » Xg Firewall Firmware » Version: 17.0

cpe:2.3:o:sophos:xg_firewall_firmware:17.0
Sophos » Xg Firewall Firmware » Version: 17.5

cpe:2.3:o:sophos:xg_firewall_firmware:17.5
Sophos » Xg Firewall Firmware » Version: 18.0

cpe:2.3:o:sophos:xg_firewall_firmware:18.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15504

Products

Pricing

Contact Us