A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote malicious users to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sophos sfos 17.0 |
||
sophos sfos 17.0.8 |
||
sophos sfos 17.1 |
||
sophos sfos |
||
sophos sfos 16.5 |