Vulnerabilities (CVE)

Filtered by vendor Sophos Subscribe
Total 160 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1807 1 Sophos 1 Firewall 2023-12-10 N/A 7.2 HIGH
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.
CVE-2022-0331 1 Sophos 1 Sfos 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
CVE-2021-25266 1 Sophos 2 Authenticator, Intercept X 2023-12-10 2.1 LOW 3.9 LOW
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
CVE-2021-36809 1 Sophos 1 Ssl Vpn Client 2023-12-10 3.6 LOW 6.0 MEDIUM
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.
CVE-2022-0386 1 Sophos 1 Unified Threat Management 2023-12-10 6.5 MEDIUM 8.8 HIGH
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVE-2021-25267 1 Sophos 2 Firewall, Firewall Firmware 2023-12-10 8.5 HIGH 8.4 HIGH
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.
CVE-2021-25268 1 Sophos 2 Firewall, Firewall Firmware 2023-12-10 6.0 MEDIUM 8.4 HIGH
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
CVE-2022-1040 1 Sophos 1 Sfos 2023-12-10 7.5 HIGH 9.8 CRITICAL
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
CVE-2022-0652 1 Sophos 1 Unified Threat Management 2023-12-10 2.1 LOW 7.8 HIGH
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
CVE-2021-25271 1 Sophos 1 Hitmanpro 2023-12-10 3.6 LOW 6.0 MEDIUM
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.
CVE-2021-25270 1 Sophos 1 Hitmanpro.alert 2023-12-10 7.2 HIGH 6.7 MEDIUM
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
CVE-2021-25269 1 Sophos 3 Exploit Prevention, Intercept X Endpoint, Intercept X For Server 2023-12-10 2.1 LOW 4.4 MEDIUM
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.
CVE-2021-36808 1 Sophos 1 Sophos Secure Workspace 2023-12-10 4.4 MEDIUM 7.0 HIGH
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
CVE-2021-36807 1 Sophos 1 Unified Threat Management Up2date 2023-12-10 6.5 MEDIUM 8.8 HIGH
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
CVE-2021-25273 1 Sophos 1 Unified Threat Management 2023-12-10 3.5 LOW 4.8 MEDIUM
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVE-2021-25264 1 Sophos 2 Home, Intercept X 2023-12-10 7.2 HIGH 6.7 MEDIUM
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.
CVE-2020-25223 1 Sophos 1 Unified Threat Management 2023-12-10 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
CVE-2020-29574 1 Sophos 1 Cyberoamos 2023-12-10 7.5 HIGH 9.8 CRITICAL
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
CVE-2021-25265 2 Microsoft, Sophos 2 Windows, Connect 2023-12-10 6.8 MEDIUM 8.8 HIGH
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
CVE-2020-15069 1 Sophos 2 Xg Firewall, Xg Firewall Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.