Vulnerability Details CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html
- https://community.sophos.com/b/security-blog
- https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223
- https://cwe.mitre.org/data/definitions/78.html
- https://www.secpod.com/blog/remote-code-execution-in-sophos-utm/
- http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html
- https://community.sophos.com/b/security-blog
- https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223
- https://cwe.mitre.org/data/definitions/78.html
- https://www.secpod.com/blog/remote-code-execution-in-sophos-utm/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-25223
Products affected by CVE-2020-25223
-
cpe:2.3:a:sophos:unified_threat_management:9.500
-
cpe:2.3:a:sophos:unified_threat_management:9.501
-
cpe:2.3:a:sophos:unified_threat_management:9.502
-
cpe:2.3:a:sophos:unified_threat_management:9.503
-
cpe:2.3:a:sophos:unified_threat_management:9.504
-
cpe:2.3:a:sophos:unified_threat_management:9.505
-
cpe:2.3:a:sophos:unified_threat_management:9.506
-
cpe:2.3:a:sophos:unified_threat_management:9.507
-
cpe:2.3:a:sophos:unified_threat_management:9.508
-
cpe:2.3:a:sophos:unified_threat_management:9.509
-
cpe:2.3:a:sophos:unified_threat_management:9.510
-
cpe:2.3:a:sophos:unified_threat_management:9.511
-
cpe:2.3:a:sophos:unified_threat_management:9.600
-
cpe:2.3:a:sophos:unified_threat_management:9.601
-
cpe:2.3:a:sophos:unified_threat_management:9.602
-
cpe:2.3:a:sophos:unified_threat_management:9.603
-
cpe:2.3:a:sophos:unified_threat_management:9.604
-
cpe:2.3:a:sophos:unified_threat_management:9.605
-
cpe:2.3:a:sophos:unified_threat_management:9.606
-
cpe:2.3:a:sophos:unified_threat_management:9.607
-
cpe:2.3:a:sophos:unified_threat_management:9.700
-
cpe:2.3:a:sophos:unified_threat_management:9.701
-
cpe:2.3:a:sophos:unified_threat_management:9.702
-
cpe:2.3:a:sophos:unified_threat_management:9.703
-
cpe:2.3:a:sophos:unified_threat_management:9.704
-
cpe:2.3:a:sophos:unified_threat_management:9.705