CVE Vulnerability

CVE-2022-1807

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-18-5-4 Vendor Advisory
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-19-0-1 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:o:sophos:firewall:19.0:-:*:*:*:*:*:*
cpe:2.3:o:sophos:firewall:18.5:-:*:*:*:*:*:*
cpe:2.3:o:sophos:firewall:18.5:mr1-1:*:*:*:*:*:*
cpe:2.3:o:sophos:firewall:18.5:mr2:*:*:*:*:*:*
cpe:2.3:o:sophos:firewall:18.5:mr3:*:*:*:*:*:*
cpe:2.3:o:sophos:firewall:18.5:mr1:*:*:*:*:*:*
cpe:2.3:o:sophos:firewall:*:*:*:*:*:*:*:*
Information

Published : 2022-09-07 06:15

Updated : 2022-09-12 06:38

NVD link : CVE-2022-1807

Mitre link : CVE-2022-1807

Products Affected
No products.
CWE
CWE-89