CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12729
https://notcve.org/view.php?id=CVE-2024-12729
A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). • https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12728
https://notcve.org/view.php?id=CVE-2024-12728
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). • https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce • CWE-1391: Use of Weak Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12727
https://notcve.org/view.php?id=CVE-2024-12727
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •