PT-2022-14128 · Sophos · Sophos Firewall
Published: 2022-09-07 · Updated: 2022-09-12 · CVE-2022-1807
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sophos Firewall versions prior to 18.5 MR4
Sophos Firewall versions prior to 19.0 MR1
Description
Multiple SQL injection vulnerabilities exist in the Webadmin component of Sophos Firewall. They can be exploited to escalate privileges from admin to super-admin.
Recommendations
For versions prior to 18.5 MR4, update to version 18.5 MR4 or later.
For versions prior to 19.0 MR1, update to version 19.0 MR1 or later.
Fix
SQL injection
Affected Products
Sophos Firewall