
Sophos XG Firewall - Authentication Bypass (CVE-2022-1040)

Exploitable with Sniper
Vulnerability description

Sophos XG Firewall is affected by an Authentication Bypass vulnerability located in the /userportal/Controller endpoint. The root cause is the improper handling of duplicate JSON keys by the Sophos Channel Service Center (CSC). CSC uses the json-c library to parse input data; when a key is duplicated, the parser overwrites the earlier value with the later one. An attacker can exploit this behaviour to bypass authentication by sending malicious input to the CSC, thereby gaining access to the device's WebConsole, which leads to remote code execution (RCE).
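The parser behaviour described above (a duplicated key silently overwrites the earlier value) and its defensive counterpart, shown as an added example that is not from this page, from Sophos or from json-c: Python's json.loads shares the last-value-wins behaviour the description attributes to json-c, and a strict loader built on object_pairs_hook rejects any document that repeats a key at any nesting depth before the data reaches authorization logic. The sample JSON bodies, key names and the function names are constructed for illustration only.

```python
import json
from typing import Any, List

# Constructed sample inputs (not taken from the page or from any real request).
SAMPLE_CLEAN = '{"action": "login", "user": "alice"}'
SAMPLE_DUPLICATE = '{"action": "login", "user": "alice", "user": "bob"}'
SAMPLE_NESTED = (
    '{"session": {"token": "a", "token": "b"}, '
    '"items": [{"id": 1, "id": 2}]}'
)


def lenient_load(text: str) -> Any:
    """Default parsing: the last occurrence of a key wins, earlier ones vanish.

    This mirrors the behaviour the advisory attributes to json-c; a check that
    ran on the first value would not see what the application later uses.
    """
    return json.loads(text)


class _CheckedObject(dict):
    """dict that remembers which keys were repeated while it was being built."""

    def __init__(self) -> None:
        super().__init__()
        self.dup_keys: List[str] = []


def _pairs_hook(pairs: List[tuple]) -> _CheckedObject:
    # json.loads calls this hook with the raw (key, value) pairs of every
    # object, innermost first, so duplicates are visible before they collapse.
    obj = _CheckedObject()
    for key, value in pairs:
        if key in obj:
            obj.dup_keys.append(key)
        obj[key] = value
    return obj


def find_duplicate_keys(text: str) -> List[str]:
    """Return dotted paths (e.g. 'session.token', 'items[0].id') of repeated keys."""
    doc = json.loads(text, object_pairs_hook=_pairs_hook)
    found: List[str] = []

    def walk(node: Any, path: str) -> None:
        if isinstance(node, _CheckedObject):
            for key in node.dup_keys:
                found.append(f"{path}.{key}" if path else key)
            for key, value in node.items():
                walk(value, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{path}[{index}]")

    walk(doc, "")
    return found


def strict_load(text: str) -> Any:
    """Parse JSON but refuse documents with duplicate keys anywhere in the tree."""
    duplicates = find_duplicate_keys(text)
    if duplicates:
        raise ValueError(f"duplicate JSON keys rejected: {', '.join(duplicates)}")
    return json.loads(text)


if __name__ == "__main__":
    print("lenient user:", lenient_load(SAMPLE_DUPLICATE)["user"])
    print("duplicates:", find_duplicate_keys(SAMPLE_NESTED))
    try:
        strict_load(SAMPLE_DUPLICATE)
    except ValueError as exc:
        print("strict:", exc)
```

Rejecting duplicate keys outright is simpler and safer than trying to decide which occurrence is the intended one: whichever policy a gateway picks, it only helps if every component downstream resolves duplicates the same way, and the advisory's root cause is exactly a mismatch between what a validator sees and what the consuming code uses.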

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the XG Firewall device in order to steal confidential information, install ransomware or pivot to the internal network.

If the Allow automatic installation of hotfixes feature is disabled on the vulnerable device, applying the latest Sophos hotfix or one of the workarounds listed in the advisory should fix the vulnerability.

Detectable with
Network Scanner
Vuln date
Apr 2022
Software Type
XG Firewall