CVE-2024-13974

High CVSS: 8.1

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.

Vendor

Sophos

Product

Firewall Firmware

CWE

CWE-807

Yayın Tarihi

2025-07-21 14:15:29

Güncelleme

2025-11-17 16:25:08

Source Identifier

security-alert@sophos.com

KEV Date Added

Kategoriler

CWE-807 Firewall Firmware HIGH Sophos 2025

Referanslar

https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

Benzer Kayıtlar

Critical

CVE-2025-6704

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than…

High

CVE-2025-7382

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjac…

Critical

CVE-2025-7624

An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (2…

Medium

CVE-2024-13973

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potenti…

High

CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.…