CVE-2024-13973
CVE-2024-13973
6.8
MediumPublished:
Last updated:
Source:security-alert@sophos.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Adjacent
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.
References
security-alert@sophos.com
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce