Vulnerability Details CVE-2024-12727
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 81.0%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-12727
-
cpe:2.3:h:sophos:firewall:-
-
cpe:2.3:o:sophos:firewall_firmware:-
-
cpe:2.3:o:sophos:firewall_firmware:19.0