Sophos Firewall

20.0.0

SEMANTIC 1 CVE

0

SINGLE_NUMBER 3 CVEs

19.0 MR1

OTHER 1 CVE

unspecified

OTHER 12 CVEs

18.5 MR3

OTHER 1 CVE

18.5 MR2

OTHER 1 CVE

19.5.4

SEMANTIC 1 CVE

18.5 MR4

OTHER 1 CVE

CVE-2024-12729

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).

HIGH Dec 19, 2024

CVE-2024-12728

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).

CRITICAL Dec 19, 2024

CVE-2024-12727

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.

CRITICAL Dec 19, 2024

CVE-2023-5552

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.

HIGH Oct 17, 2023