First published: Thu Jun 20 2019
A shell escape vulnerability in /webconsole/Controller in the Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sophos SFOS | <=17.0 | |
Sophos SFOS | =17.1 | |
Sophos SFOS | =17.1-maintenance_release1 | |
Sophos XG Firewall | | |
CVE-2018-16117 is a shell escape vulnerability in /webconsole/Controller in the Admin Portal of Sophos XG firewall 17.0.8 MR-8.
CVE-2018-16117 has a severity rating of 8.8 (critical).
CVE-2018-16117 affects Sophos XG firewall 17.0.8 MR-8 and allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
To fix CVE-2018-16117, it is recommended to update to a patched version of Sophos XG firewall.
More information about CVE-2018-16117 can be found in the following references: [Sophos Community KB](https://community.sophos.com/kb/en-us/132637) and [Sophos Responsible Disclosure Policy](https://www.sophos.com/en-us/legal/sophos-responsible-disclosure-policy.aspx).