Sophos Xg Firewall Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sophos Xg Firewall Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2020-15504 — CVSS 9.8 (critical): A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker…
CVE-2022-3713 — CVSS 8.8 (high): A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than…
CVE-2020-17352 — CVSS 8.8 (high): Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated…
CVE-2022-3696 — CVSS 7.2 (high): A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.
CVE-2022-3226 — CVSS 7.2 (high): An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older…
CVE-2022-3709 — CVSS 6.8 (medium): A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases…
CVE-2022-3711 — CVSS 4.3 (medium): A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of…
CVE-2022-3710 — CVSS 2.7 (low): A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API…