CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-17352

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.022

EPSS Ranking 83.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://community.sophos.com/b/security-blog
https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352
https://community.sophos.com/b/security-blog
https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352

Products affected by CVE-2020-17352

Sophos » Xg Firewall Firmware » Version: 17.5

cpe:2.3:o:sophos:xg_firewall_firmware:17.5
Sophos » Xg Firewall Firmware » Version: 18.0

cpe:2.3:o:sophos:xg_firewall_firmware:18.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-17352

Products

Pricing

Contact Us