Vulnerability Description
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sophos | SFOS | 17.0 |
| Sophos | XG Firewall | - |
Related Weaknesses (CWE)
References
- https://community.sophos.com/kb/en-us/135412 (Vendor Advisory)
- https://cwe.mitre.org/data/definitions/89.html (Third Party Advisory)
- https://news.sophos.com/en-us/2020/04/26/asnarok/ (Exploit, Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020- (US Government Resource)
FAQ
What is CVE-2020-12271?
CVE-2020-12271 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either...
How severe is CVE-2020-12271?
CVE-2020-12271 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-12271?
Check the references section above for vendor advisories and patch information. Affected products include: Sophos SFOS, Sophos XG Firewall.