Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
sophos Sophos Firewall

Version unspecified

OTHER 12 CVEs

Known Vulnerabilities

CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.

LOW CVSS 2.7 Published Dec 01, 2022

CVE-2022-3709

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.

MEDIUM CVSS 6.8 Published Dec 01, 2022

CVE-2022-3713

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.

HIGH CVSS 8.8 Published Dec 01, 2022

CVE-2022-3226

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.

HIGH CVSS 7.2 Published Dec 01, 2022

CVE-2022-3696

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.

HIGH CVSS 7.2 Published Dec 01, 2022

CVE-2022-3711

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.

MEDIUM CVSS 4.3 Published Dec 01, 2022

CVE-2022-3236

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

CRITICAL CVSS 9.8 Published Sep 23, 2022

CVE-2022-1807

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.

HIGH CVSS 7.2 Published Sep 07, 2022

CVE-2021-25268

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.

HIGH CVSS 8.4 Published May 05, 2022

CVE-2021-25267

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.

MEDIUM CVSS 6.8 Published May 05, 2022

CVE-2022-0331

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.

MEDIUM CVSS 5.3 Published Mar 29, 2022

CVE-2022-1040

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

CRITICAL CVSS 9.8 Published Mar 25, 2022