Sophos SG UTM - Remote Code Execution (CVE-2020-25223)
- Severity: Critical (CVSSv3 score 9.8)
- Vulnerability description
Sophos SG UTM is affected by a Remote Code Execution vulnerability in the WebAdmin interface. Vulnerable versions are those before v9.705 MR5, v9.607 MR7 and v9.511 MR11. The root cause is the use of a dangerous Perl function, open(), with user-supplied input passed as an argument: Perl's two-argument open() interprets its argument as a mode/path specification rather than a plain filename, so a crafted value is treated as a command to run. This allows an unauthenticated remote attacker to execute arbitrary code on the appliance.
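To make the root cause concrete, here is an added illustration of the Perl open() anti-pattern the description refers to, next to a hardened version. This is example code written for this page, not Sophos code and not the exploit; the input string, the base directory and the function names are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Illustrative example (not Sophos code): why passing user input to Perl's
# two-argument open() is dangerous, and what the safe form looks like.
use strict;
use warnings;

# Constructed "user-supplied" value. With two-argument open(), a trailing
# pipe turns the string into a command: open(FH, "id |") runs `id`.
my $user_input = "id |";

# VULNERABLE: two-argument open() parses the string as mode + path, so the
# caller of this function can make it execute a command instead of reading a file.
sub read_file_unsafe {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed: $!";   # "id |" executes `id`
    local $/;                                          # slurp whole handle
    my $data = <$fh>;
    close($fh);
    return $data;
}

# HARDENED: an allow-list rejects unexpected characters before the value is
# used at all, and three-argument open() with an explicit '<' mode treats the
# remaining value strictly as a filename, never as a pipe or a mode.
sub read_file_safe {
    my ($name) = @_;
    return "rejected: invalid name" unless $name =~ /\A[A-Za-z0-9._-]+\z/;
    my $path = "/var/tmp/safe/$name";                  # constructed base directory
    open(my $fh, '<', $path) or return "open failed: $!";
    local $/;
    my $data = <$fh>;
    close($fh);
    return $data;
}

print "unsafe: ", read_file_unsafe($user_input), "\n";   # prints output of `id`
print "safe:   ", read_file_safe($user_input), "\n";     # prints "rejected: invalid name"
```

Running the script shows the difference directly: the unsafe path prints the output of `id`, the safe path refuses the value. Running the same code under taint mode (`perl -T`) would also abort the unsafe open(), which is a cheap extra layer for any Perl web backend that handles request parameters.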
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the Sophos UTM in order to steal confidential information, install ransomware or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade the Sophos UTM to the fixed release of its branch or later: 9.705 MR5, 9.607 MR7 or 9.511 MR11. After the upgrade, confirm the firmware version shown in WebAdmin matches one of these or a later build.
- Codename: Not available
- Detectable with: Network Scanner
- Exploitable with Sniper: Yes
- Vuln date: Sep 2020
- Published at
- Updated at
- Software Type: Firewall
- Vendor: Sophos
- Product: SG UTM