Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos firewall vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS prior to 10.6.6 MR-6 allows remote malicious users to execute arbitrary commands via the Web Admin and SSL VPN consoles.
Sophos Cyberoamos 10.6.6
Sophos Cyberoamos
9.3
CVSSv2
CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote malicious users to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
Sophos Sfos 17.0
Sophos Sfos 17.0.8
Sophos Sfos 17.1
Sophos Sfos
Sophos Sfos 16.5
9
CVSSv2
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated malicious users to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
Sophos Sfos
Sophos Sfos 17.1
8.5
CVSSv2
CVE-2021-25267
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.
Sophos Firewall Firmware
7.5
CVSSv2
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v18.5 MR3 and older.
Sophos Sfos
7 Github repositories
2 Articles
7.5
CVSSv2
CVE-2020-15504
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an malicious user to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 ...
Sophos Xg Firewall Firmware
Sophos Xg Firewall Firmware 17.5
Sophos Xg Firewall Firmware 18.0
7.5
CVSSv2
CVE-2020-15069
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
Sophos Xg Firewall Firmware
Sophos Xg Firewall Firmware 17.5
7.5
CVSSv2
CVE-2020-11503
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an malicious user to run arbitrary code remotely.
Sophos Sfos
Sophos Sfos 17.5
7.5
CVSSv2
CVE-2020-12271
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 prior to 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone...
Sophos Sfos 17.1
Sophos Sfos 17.0
Sophos Sfos 18.0
Sophos Sfos 17.5
7.5
CVSSv2
CVE-2015-6811
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the username parameter to login.xml.
Cyberoam Cyberoamos 10.6.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »