Skip to main content

Sophos

80 CVEs product

Monthly

CVE-2024-12729 HIGH PATCH This Week

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Sophos Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-12728 CRITICAL PATCH Act Now

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sophos Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-12727 CRITICAL PATCH Act Now

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi RCE Sophos Microsoft Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-8885 HIGH This Week

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Sophos Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-5552 HIGH This Week

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sophos Firewall
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33335 MEDIUM This Month

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sophos Iview
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-33336 MEDIUM This Month

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Sophos Web Appliance
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-1671 CRITICAL POC KEV THREAT Act Now

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Sophos Web Appliance
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2022-3713 HIGH This Week

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos RCE Code Injection Xg Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3711 MEDIUM This Month

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-3710 LOW Monitor

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
CVSS 3.1
2.7
EPSS
0.7%
CVE-2022-3709 HIGH This Week

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation XSS Xg Firewall Firmware
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2022-3696 HIGH This Week

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos RCE Code Injection Xg Firewall Firmware
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-3226 HIGH This Week

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Xg Firewall Firmware
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-3980 CRITICAL POC PATCH Act Now

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Sophos RCE SSRF XXE Mobile
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2022-3236 CRITICAL POC KEV THREAT Act Now

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sophos Code Injection Firewall
NVD
CVSS 3.1
9.8
EPSS
98.9%
CVE-2022-1807 HIGH This Week

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Privilege Escalation Firewall
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-0331 MEDIUM This Month

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sophos Information Disclosure Sfos
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-1040 CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sophos Sfos
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.8%
CVE-2022-0652 HIGH This Week

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0386 HIGH This Week

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Unified Threat Management
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-25269 MEDIUM This Month

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Exploit Prevention Intercept X Endpoint Intercept X For Server
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-36808 HIGH This Week

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. Rated high severity (CVSS 7.0). No vendor patch available.

Google Sophos Race Condition Authentication Bypass Sophos Secure Workspace
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2021-25273 MEDIUM POC This Month

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos XSS Unified Threat Management
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-25264 MEDIUM This Month

In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Sophos Home Intercept X
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-25265 HIGH PATCH This Week

A malicious website could execute code remotely in Sophos Connect Client before version 2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Sophos Information Disclosure Connect
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-25223 CRITICAL POC KEV THREAT Emergency

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE Command Injection Unified Threat Management
NVD
CVSS 3.1
9.8
EPSS
96.7%
CVE-2020-17352 HIGH PATCH This Week

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos RCE Command Injection Xg Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2020-15504 CRITICAL Act Now

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sophos RCE SQLi Xg Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-15069 CRITICAL KEV THREAT Act Now

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sophos Xg Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
10.7%
CVE-2020-14980 MEDIUM This Month

The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Sophos Information Disclosure Sophos Secure Email
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-11503 CRITICAL Act Now

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sophos Memory Corruption Sfos
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-12271 CRITICAL POC KEV THREAT Act Now

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE SQLi Sfos
NVD
CVSS 3.1
9.8
EPSS
42.2%
CVE-2020-10947 HIGH This Week

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation Anti Virus For Sophos Central Anti Virus For Sophos Home
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-9540 HIGH This Week

Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Hitmanpro Alert
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9363 HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix Endpoint Protection Intercept X Endpoint +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-17059 CRITICAL POC Act Now

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos Command Injection Cyberoamos
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2018-3971 HIGH POC This Week

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Buffer Overflow Hitmanpro Alert
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-3970 MEDIUM POC This Month

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Information Disclosure Hitmanpro Alert
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-6857 HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow Safeguard Easy Device Encryption Client Safeguard Enterprise Client +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-6856 HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow Safeguard Easy Device Encryption Client Safeguard Enterprise Client +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-6855 HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow Safeguard Easy Device Encryption Client Safeguard Enterprise Client +1
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-6854 HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow Safeguard Easy Device Encryption Client Safeguard Enterprise Client +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-6853 HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow Safeguard Easy Device Encryption Client Safeguard Enterprise Client +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-6852 HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow Safeguard Easy Device Encryption Client Safeguard Enterprise Client +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-6851 HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow Safeguard Easy Device Encryption Client Safeguard Enterprise Client +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-9233 HIGH POC This Week

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Information Disclosure Endpoint Protection
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-4863 MEDIUM POC This Month

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Authentication Bypass Endpoint Protection
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-6319 MEDIUM This Month

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Sophos Null Pointer Dereference Denial Of Service Sophos Tester
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6318 HIGH This Week

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Information Disclosure Sophos Tester
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2017-7441 HIGH POC This Week

In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sophos Hitmanpro
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6008 HIGH POC This Week

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sophos Hitmanpro
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
2.8%
CVE-2017-6007 MEDIUM POC This Month

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sophos Hitmanpro
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2012-6706 CRITICAL POC Act Now

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sophos Buffer Overflow Threat Detection Engine +1
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2017-9523 MEDIUM This Month

The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sophos Web Appliance
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-9834 MEDIUM POC This Month

An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Cyberoam Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-7786 HIGH POC This Week

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos Privilege Escalation Cyberoam Cr25Ing Utm Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.6%
CVE-2017-6412 HIGH POC This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Session Fixation Sophos Information Disclosure Web Appliance
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
0.8%
CVE-2017-6184 MEDIUM This Month

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
CVSS 3.0
4.7
EPSS
1.2%
CVE-2017-6183 HIGH This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
CVSS 3.0
7.2
EPSS
3.0%
CVE-2017-6182 CRITICAL POC THREAT Emergency

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Sophos Command Injection Web Appliance
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
14.9%
CVE-2016-9554 HIGH POC THREAT Act Now

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

PHP Sophos Command Injection Web Appliance
NVD Exploit-DB VulDB
CVSS 3.0
7.2
EPSS
11.3%
CVE-2016-9553 HIGH POC This Week

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Sophos Command Injection Web Appliance
NVD Exploit-DB VulDB
CVSS 3.0
7.2
EPSS
6.8%
CVE-2016-7442 MEDIUM This Month

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management Software
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-7397 MEDIUM This Month

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management Software
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-6597 HIGH This Week

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sophos Information Disclosure Mobile Control Eas Proxy
NVD
CVSS 3.0
8.6
EPSS
0.2%
CVE-2016-3968 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Cyberoam Cr100Ing Utm Firmware Cyberoam Cr35Ing Utm Firmware
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-2046 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Unified Threat Management Software
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2015-6811 HIGH POC This Week

SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos SQLi Cyberoamos
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.8%
CVE-2014-5503 CRITICAL Act Now

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Cyberoam Os
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-5502 CRITICAL Act Now

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sophos Cyberoam Os
NVD
CVSS 2.0
9.0
EPSS
1.0%
CVE-2014-5501 CRITICAL Act Now

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Sophos Buffer Overflow RCE Cyberoam Os
NVD
CVSS 2.0
9.3
EPSS
6.7%
CVE-2014-2385 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos Anti Virus
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-2005 MEDIUM This Month

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Enterprise Console
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2014-2850 HIGH POC THREAT Act Now

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.7%.

Command Injection Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
8.5
EPSS
75.7%
Threat
5.5
CVE-2014-2849 HIGH POC THREAT Act Now

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

Sophos Privilege Escalation Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
8.5
EPSS
76.5%
Threat
5.5
CVE-2014-2537 HIGH PATCH This Week

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos Denial Of Service Unified Threat Management Software Unified Threat Management
NVD VulDB
CVSS 2.0
7.8
EPSS
1.7%
CVE-2013-2643 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos PHP Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-2642 CRITICAL POC THREAT Emergency

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Command Injection Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
12.0%
CVE-2013-2641 MEDIUM POC THREAT This Month

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

Path Traversal Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
82.3%
Threat
5.0
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Sophos +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sophos Firewall Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi RCE Sophos +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Sophos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sophos +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sophos Iview
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Sophos +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Sophos +1
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos RCE Code Injection +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
EPSS 1% CVSS 2.7
LOW Monitor

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
EPSS 1% CVSS 8.4
HIGH This Week

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation XSS +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos RCE Code Injection +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Xg Firewall Firmware
NVD
EPSS 8% CVSS 9.8
CRITICAL POC PATCH Act Now

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Sophos RCE SSRF +2
NVD
EPSS 99% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sophos Code Injection +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Privilege Escalation +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sophos Information Disclosure Sfos
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sophos Sfos
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Unified Threat Management
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Exploit Prevention +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. Rated high severity (CVSS 7.0). No vendor patch available.

Google Sophos Race Condition +2
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos XSS Unified Threat Management
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Sophos +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A malicious website could execute code remotely in Sophos Connect Client before version 2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Sophos Information Disclosure Connect
NVD
EPSS 97% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE Command Injection +1
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos RCE Command Injection +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sophos RCE SQLi +1
NVD
EPSS 11% CVSS 9.8
CRITICAL KEV THREAT Act Now

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sophos +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Sophos Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sophos +2
NVD
EPSS 42% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE SQLi +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation Anti Virus For Sophos Central +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Hitmanpro Alert
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix +5
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos Command Injection Cyberoamos
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Buffer Overflow Hitmanpro Alert
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Information Disclosure Hitmanpro Alert
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Sophos Privilege Escalation Buffer Overflow +3
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Information Disclosure Endpoint Protection
NVD Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Authentication Bypass Endpoint Protection
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM This Month

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Sophos Null Pointer Dereference Denial Of Service +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Information Disclosure Sophos Tester
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sophos Hitmanpro
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sophos Hitmanpro
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sophos Hitmanpro
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sophos +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sophos Web Appliance
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Cyberoam Firmware
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC This Week

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos Privilege Escalation Cyberoam Cr25Ing Utm Firmware
NVD Exploit-DB
EPSS 1% CVSS 8.1
HIGH POC This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Session Fixation Sophos Information Disclosure +1
NVD Exploit-DB
EPSS 1% CVSS 4.7
MEDIUM This Month

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
EPSS 3% CVSS 7.2
HIGH This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Emergency

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Sophos Command Injection Web Appliance
NVD Exploit-DB
EPSS 11% CVSS 7.2
HIGH POC THREAT Act Now

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

PHP Sophos Command Injection +1
NVD Exploit-DB VulDB
EPSS 7% CVSS 7.2
HIGH POC This Week

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Sophos Command Injection +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management Software
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management Software
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sophos Information Disclosure Mobile Control Eas Proxy
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Cyberoam Cr100Ing Utm Firmware +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Unified Threat Management Software
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos SQLi Cyberoamos
NVD Exploit-DB
EPSS 1% CVSS 10.0
CRITICAL Act Now

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Cyberoam Os
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sophos Cyberoam Os
NVD
EPSS 7% CVSS 9.3
CRITICAL Act Now

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Sophos Buffer Overflow RCE +1
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos Anti Virus
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Enterprise Console
NVD
EPSS 76% 5.5 CVSS 8.5
HIGH POC THREAT Act Now

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.7%.

Command Injection Sophos Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 76% 5.5 CVSS 8.5
HIGH POC THREAT Act Now

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

Sophos Privilege Escalation Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos Denial Of Service Unified Threat Management Software +1
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos PHP +2
NVD Exploit-DB VulDB
EPSS 12% CVSS 9.3
CRITICAL POC THREAT Emergency

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Command Injection Sophos Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 82% 5.0 CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

Path Traversal Sophos Web Appliance Firmware +1
NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy