// For flags

CVE-2020-12271

Sophos SFOS SQL Injection Vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)

Se descubrió´ un problema de inyección SQL en SFOS versiones 17.0, 17.1, 17.5 y versiones 18.0 antes del 25-04-2020, en los dispositivos Firewall Sophos XG, tal como se explotó "in the wild" en abril de 2020. Esto afectó a los dispositivos configurados con el servicio de administración (HTTPS) o el Portal de Usuario expuesto en la zona WAN. Un ataque con éxito puede haber filtrado nombres de usuario y contraseñas del hash a los administradores de los dispositivos locales, los administradores del portal y las cuentas de usuario usadas para el acceso remoto (pero no las contraseñas externas de Active Directory o LDAP).

Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-04-27 CVE Reserved
  • 2020-04-27 CVE Published
  • 2021-11-03 Exploited in Wild
  • 2022-05-03 KEV Due Date
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-09-23 EPSS Updated
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sophos
Search vendor "Sophos"
Sfos
Search vendor "Sophos" for product "Sfos"
17.0
Search vendor "Sophos" for product "Sfos" and version "17.0"
-
Affected
in Sophos
Search vendor "Sophos"
Xg Firewall
Search vendor "Sophos" for product "Xg Firewall"
--
Safe
Sophos
Search vendor "Sophos"
Sfos
Search vendor "Sophos" for product "Sfos"
17.1
Search vendor "Sophos" for product "Sfos" and version "17.1"
-
Affected
in Sophos
Search vendor "Sophos"
Xg Firewall
Search vendor "Sophos" for product "Xg Firewall"
--
Safe
Sophos
Search vendor "Sophos"
Sfos
Search vendor "Sophos" for product "Sfos"
17.5
Search vendor "Sophos" for product "Sfos" and version "17.5"
-
Affected
in Sophos
Search vendor "Sophos"
Xg Firewall
Search vendor "Sophos" for product "Xg Firewall"
--
Safe
Sophos
Search vendor "Sophos"
Sfos
Search vendor "Sophos" for product "Sfos"
18.0
Search vendor "Sophos" for product "Sfos" and version "18.0"
-
Affected
in Sophos
Search vendor "Sophos"
Xg Firewall
Search vendor "Sophos" for product "Xg Firewall"
--
Safe