CVE-2024-13973

Medium CVSS: 6.8

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.

Vendor

Sophos

Product

Firewall Firmware

CWE

CWE-89

Yayın Tarihi

2025-07-21 14:15:26

Güncelleme

2025-11-17 16:27:18

Source Identifier

security-alert@sophos.com

KEV Date Added

Kategoriler

CWE-89 Firewall Firmware MEDIUM Sophos 2025

Referanslar

https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

Benzer Kayıtlar

Critical

CVE-2025-6704

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than…

High

CVE-2025-7382

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjac…

Critical

CVE-2025-7624

An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (2…

High

CVE-2024-13974

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead…

High

CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.…