PT-2020-6848 · Sophos · Sophos Sg Utm
Mgrimm · Published 2020-09-25 · Updated 2025-11-07 · CVE-2020-25223
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sophos SG UTM versions prior to v9.705 MR5
Sophos SG UTM versions prior to v9.607 MR7
Sophos SG UTM versions prior to v9.511 MR11
Description
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. It is caused by a failure to neutralize special elements used in operating system commands (OS command injection). Exploitation of the vulnerability may allow a remote attacker to execute arbitrary commands.
Recommendations
For versions prior to v9.705 MR5, update to v9.705 MR5 or later.
For versions prior to v9.607 MR7, update to v9.607 MR7 or later.
For versions prior to v9.511 MR11, update to v9.511 MR11 or later.
Exploit · Fix · RCE · OS Command Injection
Affected Products
Sophos Sg Utm