CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16117
https://notcve.org/view.php?id=CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter. Una vulnerabilidad de escape de shell en /webconsole/Controller en el Portal de Administración de Sophos XG firewall versión 17.0.8 MR-8, permite a atacantes remotos autenticados ejecutar comandos de sistema operativo arbitrarios por medio de meta caracteres shell en el parámetro POST "dbName". • https://community.sophos.com/kb/en-us/132637 https://github.com/klsecservices/Advisories/blob/master/KL-SOPHOS-2018-002.md https://www.sophos.com/en-us/legal/sophos-responsible-disclosure-policy.aspx • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-16118
https://notcve.org/view.php?id=CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. Una vulnerabilidad de escape de shell en /webconsole/APIController en el componente Configuration API Sophos XG firewall versión 17.0.8 MR-8, permite a los atacantes remotos ejecutar comandos arbitrarios del sistema operativo por medio de meta caracteres shell en el encabezado HTTP "X-Forwarded-for". • https://community.sophos.com/kb/en-us/132637 https://github.com/klsecservices/Advisories/blob/master/KL-SOPHOS-2018-003.md https://www.sophos.com/en-us/legal/sophos-responsible-disclosure-policy.aspx • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2017-18014
https://notcve.org/view.php?id=CVE-2017-18014
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request. Se ha descubierto un problema NC-25986 en el subsistema de informes de Sophos XG Firewall with SFOS en versiones anteriores a la 17.0.3 MR3. Un usuario sin autenticar puede desencadenar una vulnerabilidad de Cross-Site Scripting (XSS) persistente en la página de informes WAF (Control Center -> Log Viewer -> en el filtro opción "Web Server Protection") en la interfaz webadmin y ejecutar cualquier acción disponible para el webadmin del firewall (por ejemplo, crear un nuevo usuario, habilitar SSH o añadir la clave SSH autorizada). • http://seclists.org/fulldisclosure/2018/Jan/24 https://blogs.securiteam.com/index.php/archives/3612 https://community.sophos.com/kb/en-us/128024 https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-0-3-mr3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •