
CVE-2022-3696
https://notcve.org/view.php?id=CVE-2022-3696
01 Dec 2022 — A post-auth code injection vulnerability allows authenticated admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-3709
https://notcve.org/view.php?id=CVE-2022-3709
01 Dec 2022 — A stored XSS vulnerability allows privilege escalation from admin to super-admin in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-3710
https://notcve.org/view.php?id=CVE-2022-3710
01 Dec 2022 — A post-auth read-only SQL injection vulnerability allows authenticated API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-3711
https://notcve.org/view.php?id=CVE-2022-3711
01 Dec 2022 — A post-auth read-only SQL injection vulnerability allows authenticated users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-3713
https://notcve.org/view.php?id=CVE-2022-3713
01 Dec 2022 — A code injection vulnerability allows attackers on an adjacent network to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-3226
https://notcve.org/view.php?id=CVE-2022-3226
01 Dec 2022 — An OS command injection vulnerability allows authenticated admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-25268
https://notcve.org/view.php?id=CVE-2021-25268
05 May 2022 — Multiple XSS vulnerabilities in Webadmin allow privilege escalation from MySophos admin to SFOS admin in Sophos Firewall releases older than version 19.0 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220505-sfos-19-0-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-25267
https://notcve.org/view.php?id=CVE-2021-25267
05 May 2022 — Multiple XSS vulnerabilities in Webadmin allow privilege escalation from admin to super-admin in Sophos Firewall releases older than version 19.0 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220505-sfos-19-0-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-17352
https://notcve.org/view.php?id=CVE-2020-17352
07 Aug 2020 — Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. • https://community.sophos.com/b/security-blog • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-15504
https://notcve.org/view.php?id=CVE-2020-15504
10 Jul 2020 — A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. • https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
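The entries above all state their affected range as a version boundary ("older than 19.5 GA", "older than 19.0 GA", "18.0 MR1 and older" with a fix in MR-1-Build396 and 17.5 MR13). The following is an added triage helper, not code from this page or from Sophos, that turns those boundaries into a version check for an SFOS build string. It assumes the version string format shown in the SFOS web admin, `SFOS <major>.<minor>.<patch> <GA|MR-n>[-Build<n>]` (for example `SFOS 18.0.1 MR-1-Build396`); that format is an assumption, as are the sample version strings. CVE-2020-17352 is omitted because the page gives it no version bound. Because the page says CVE-2020-15504 was also hotfixed on every release >= 17.0, a version number alone cannot prove exposure there, so such versions are reported as `needs hotfix check` rather than `affected`.

```python
"""Added example: map SFOS version strings onto the affected ranges quoted
on this page.  Version-string format is an assumption, not from the page."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, patch, build)

# Assumed format: 'SFOS 18.0.1 MR-1-Build396', '19.5.0 GA-Build197', '18.0 MR1', '19.5'
_VERSION_RE = re.compile(
    r"^(?:SFOS\s+)?(\d+)\.(\d+)(?:\.(\d+))?\s*(?:GA|MR-?(\d+))?(?:-Build(\d+))?$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Version:
    """'SFOS 18.0.1 MR-1-Build396' -> (18, 0, 1, 396).  MR-n supplies the patch
    level when the dotted form omits it; a missing Build number becomes 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SFOS version string: {text!r}")
    major, minor, patch, mr, build = m.groups()
    return (int(major), int(minor), int(patch or mr or 0), int(build or 0))


@dataclass(frozen=True)
class Advisory:
    cve: str
    summary: str
    fixed_in: Tuple[Version, ...]          # first fixed version on each listed branch
    hotfix_floor: Optional[Version] = None  # versions >= this may carry a hotfix instead


_FIX_19_5 = ((19, 5, 0, 0),)
_FIX_19_0 = ((19, 0, 0, 0),)

# Ranges as stated on this page (sample list built from the entries above).
ADVISORIES = (
    Advisory("CVE-2022-3696", "post-auth code injection, Webadmin", _FIX_19_5),
    Advisory("CVE-2022-3709", "stored XSS admin -> super-admin, import group wizard", _FIX_19_5),
    Advisory("CVE-2022-3710", "post-auth read-only SQLi, API controller", _FIX_19_5),
    Advisory("CVE-2022-3711", "post-auth read-only SQLi, User Portal", _FIX_19_5),
    Advisory("CVE-2022-3713", "adjacent code injection, Wifi controller", _FIX_19_5),
    Advisory("CVE-2022-3226", "OS command injection via SSL VPN config upload", _FIX_19_5),
    Advisory("CVE-2021-25268", "XSS MySophos admin -> SFOS admin, Webadmin", _FIX_19_0),
    Advisory("CVE-2021-25267", "XSS admin -> super-admin, Webadmin", _FIX_19_0),
    # Fixed in 18.0 MR-1-Build396 and 17.5 MR13; every other release >= 17.0 got a hotfix.
    Advisory("CVE-2020-15504", "SQLi -> RCE, user and admin web UIs",
             ((18, 0, 1, 396), (17, 5, 13, 0)), hotfix_floor=(17, 0, 0, 0)),
)


def _below_fix(version: Version, adv: Advisory) -> str:
    if adv.hotfix_floor is not None and version >= adv.hotfix_floor:
        return "needs hotfix check"  # page says a hotfix shipped; version alone is inconclusive
    return "affected"


def status(version: Version, adv: Advisory) -> str:
    """Return 'fixed', 'affected' or 'needs hotfix check' for one advisory."""
    for fix in adv.fixed_in:
        if version[:2] == fix[:2]:  # same major.minor branch as a listed fix
            return "fixed" if version >= fix else _below_fix(version, adv)
    if version >= max(adv.fixed_in):  # a branch newer than every listed fix
        return "fixed"
    return _below_fix(version, adv)


def triage(version_text: str) -> Dict[str, str]:
    """Status of every advisory on this page for one SFOS version string."""
    version = parse_version(version_text)
    return {adv.cve: status(version, adv) for adv in ADVISORIES}


if __name__ == "__main__":
    for sample in ("SFOS 19.0.1 MR-1-Build365", "SFOS 19.5.0 GA-Build197", "18.0 MR1"):
        print(sample)
        for cve, result in triage(sample).items():
            print(f"  {cve}: {result}")
```

Run it with the version string from the firewall's About page; anything reported as `needs hotfix check` has to be confirmed against the hotfix status the appliance itself reports, since the page is explicit that hotfixed builds keep their original version number.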