CVE-2020-12271
In short
A SQL injection vulnerability in Sophos XG Firewall allowed attackers to execute arbitrary code and steal administrative credentials through the exposed web administration or user portal interfaces.
Technical detail
SQL injection vulnerability (CWE-89) in SFOS versions 17.0, 17.1, 17.5, and 18.0 (before 2020-04-25) exploitable via HTTPS administration service or User Portal exposed to WAN. Successful exploitation enables remote code execution and credential exfiltration of local admin, portal admin, and remote access user account hashes.
Summary generated and translated by AI from the official description.
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
n/a · n/a