Vulnerability Details CVE-2022-3226
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.2%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2022-3226
-
cpe:2.3:h:sophos:xg_firewall:-
-
cpe:2.3:o:sophos:xg_firewall_firmware:17.0
-
cpe:2.3:o:sophos:xg_firewall_firmware:17.5
-
cpe:2.3:o:sophos:xg_firewall_firmware:18.0