CVE-2020-15504
Description
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.116
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2020-15069, CVE-2020-15504 affect xg_firewall_firmware 17.0 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release1 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release10 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release11 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release12 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release3 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release4 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release5 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release6 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release7 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release8 | NCM |
| CVE-2020-15069, CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 17.5-maintenance_release9 | NCM |
| CVE-2020-15504 affects xg_firewall_firmware 17.5-maintenance_release13 | NCM |
| CVE-2020-15504, CVE-2020-17352 affect xg_firewall_firmware 18.0 | NCM |
| CVE-2020-15504 affects xg_firewall_firmware 18.0-maintenance_release1 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234