xg_firewall_firmware vulnerabilities and exploits

(subscribe to this query)

9.8

CVSSv3

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.

Sophos Xg Firewall Firmware Sophos Xg Firewall Firmware 17.5

7.2

CVSSv3

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.

Sophos Xg Firewall Firmware

7.2

CVSSv3

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.

Sophos Xg Firewall Firmware

8.4

CVSSv3

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.

Sophos Xg Firewall Firmware

2.7

CVSSv3

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.

Sophos Xg Firewall Firmware

4.3

CVSSv3

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.

Sophos Xg Firewall Firmware

8.8

CVSSv3

A code injection vulnerability allows adjacent malicious users to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.

Sophos Xg Firewall Firmware

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook