Skip to main content

Xg Firewall Firmware

9 CVEs product

Monthly

CVE-2022-3713 HIGH This Week

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos RCE Code Injection Xg Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3711 MEDIUM This Month

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-3710 LOW Monitor

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
CVSS 3.1
2.7
EPSS
0.7%
CVE-2022-3709 HIGH This Week

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation XSS Xg Firewall Firmware
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2022-3696 HIGH This Week

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos RCE Code Injection Xg Firewall Firmware
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-3226 HIGH This Week

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Xg Firewall Firmware
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-17352 HIGH PATCH This Week

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos RCE Command Injection Xg Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2020-15504 CRITICAL Act Now

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sophos RCE SQLi Xg Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-15069 CRITICAL KEV THREAT Act Now

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sophos Xg Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
10.7%
EPSS 1% CVSS 8.8
HIGH This Week

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos RCE Code Injection +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
EPSS 1% CVSS 2.7
LOW Monitor

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
EPSS 1% CVSS 8.4
HIGH This Week

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation XSS +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos RCE Code Injection +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Xg Firewall Firmware
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos RCE Command Injection +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sophos RCE SQLi +1
NVD
EPSS 11% CVSS 9.8
CRITICAL KEV THREAT Act Now

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sophos +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy