Skip to main content

Firewall Firmware

3 CVEs product

Monthly

CVE-2024-12729 HIGH PATCH This Week

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Sophos Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-12728 CRITICAL PATCH Act Now

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sophos Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-12727 CRITICAL PATCH Act Now

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi RCE Sophos Microsoft Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Sophos +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sophos Firewall Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi RCE Sophos +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy