
Sophos Web Appliance - Remote Code Execution CVE-2023-1671

Severity
CVSSv3 Score: 9.8
Vulnerability description

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

Risk description

A remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Apply the latest security patches or updates provided by Sophos to mitigate this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Apr 4, 2023
Detection added at
Software Type: Not available
Vendor: Not available
Product: Not available