exploitDog

GHSA-848r-3x2j-g9jr

Опубликовано: 21 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled.

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled.

Ссылки

EPSS

Процентиль: 41%

0.00195

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2025-7382

CVSS3: 8.8

nvd

7 месяцев назад

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled.

BDU:2025-10972

CVSS3: 8.8

fstec

7 месяцев назад

Уязвимость интерфейса WebAdmin межсетевых экранов Sophos Firewall (ранее Sophos XG Firewall), позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 41%

0.00195

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-78