Vulnerability Details CVE-2022-3226
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.0%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2022-3226
-
cpe:2.3:h:sophos:xg_firewall:-
-
cpe:2.3:o:sophos:xg_firewall_firmware:17.0
-
cpe:2.3:o:sophos:xg_firewall_firmware:17.5
-
cpe:2.3:o:sophos:xg_firewall_firmware:18.0