CVE-2020-12271
Sophos SFOS SQL Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
42.2%
p99
KEV
SÍ
3 nov 2021
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Sophos / SFOS
Vulnerabilidad
Sophos SFOS SQL Injection Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
3 may 2022
Uso conocido en ransomware
Sí
Descripción resumida
Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2020-12271
Sin CVEs relacionados por CWE o producto.