Sophos: Security Vulnerabilities
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-07-10
CVE-2020-15069
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
Known exploited
CVSS Score
9.8
EPSS Score
0.668
Published
2020-06-29
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-06-22
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-06-18
CVE-2020-12271
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)
Known exploited
CVSS Score
10.0
EPSS Score
0.854
Published
2020-04-27
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-04-17
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-03-02
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-02-24
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
CVSS Score
9.8
EPSS Score
0.056
Published
2019-10-11
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
CVSS Score
8.8
EPSS Score
0.038
Published
2019-06-20