What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2020-17352.

What is the severity of CVE-2020-17352?

The severity of CVE-2020-17352 is high with a CVSS score of 8.8.

What is the affected software of CVE-2020-17352?

The affected software of CVE-2020-17352 is Sophos XG Firewall firmware versions 17.5 and 18.0.

How can an attacker exploit CVE-2020-17352?

An authenticated attacker can exploit CVE-2020-17352 by injecting OS commands through the User Portal of Sophos XG Firewall, potentially allowing them to execute arbitrary code remotely.

Are there any patches or fixes for CVE-2020-17352?

Yes, patches or fixes for CVE-2020-17352 are available. Please refer to the official Sophos advisory for more information.

Vulnerability/
CVE-2020-17352

high

8.8

CWE

78 77

7/8/2020

4/8/2024

CVE-2020-17352: OS Command Injection

First published: Fri Aug 07 2020(Updated: )

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Sophos Xg Firewall Firmware	=17.5
Sophos Xg Firewall Firmware	=17.5-maintenance_release1
Sophos Xg Firewall Firmware	=17.5-maintenance_release10
Sophos Xg Firewall Firmware	=17.5-maintenance_release11
Sophos Xg Firewall Firmware	=17.5-maintenance_release12
Sophos Xg Firewall Firmware	=17.5-maintenance_release3
Sophos Xg Firewall Firmware	=17.5-maintenance_release4
Sophos Xg Firewall Firmware	=17.5-maintenance_release5
Sophos Xg Firewall Firmware	=17.5-maintenance_release6
Sophos Xg Firewall Firmware	=17.5-maintenance_release7
Sophos Xg Firewall Firmware	=17.5-maintenance_release8
Sophos Xg Firewall Firmware	=17.5-maintenance_release9
Sophos Xg Firewall Firmware	=18.0
Sophos Xg Firewall Firmware	=18.0-mr1

Remedy

https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-17352.
What is the severity of CVE-2020-17352?
The severity of CVE-2020-17352 is high with a CVSS score of 8.8.
What is the affected software of CVE-2020-17352?
The affected software of CVE-2020-17352 is Sophos XG Firewall firmware versions 17.5 and 18.0.
How can an attacker exploit CVE-2020-17352?
An authenticated attacker can exploit CVE-2020-17352 by injecting OS commands through the User Portal of Sophos XG Firewall, potentially allowing them to execute arbitrary code remotely.
Are there any patches or fixes for CVE-2020-17352?
Yes, patches or fixes for CVE-2020-17352 are available. Please refer to the official Sophos advisory for more information.

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/description
agent/type
agent/event
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/sophos
canonical/sophos xg firewall firmware
version/sophos xg firewall firmware/17.5
version/sophos xg firewall firmware/17.5-maintenance_release1
version/sophos xg firewall firmware/17.5-maintenance_release10
version/sophos xg firewall firmware/17.5-maintenance_release11
version/sophos xg firewall firmware/17.5-maintenance_release12
version/sophos xg firewall firmware/17.5-maintenance_release3
version/sophos xg firewall firmware/17.5-maintenance_release4
version/sophos xg firewall firmware/17.5-maintenance_release5
version/sophos xg firewall firmware/17.5-maintenance_release6
version/sophos xg firewall firmware/17.5-maintenance_release7
version/sophos xg firewall firmware/17.5-maintenance_release8
version/sophos xg firewall firmware/17.5-maintenance_release9
version/sophos xg firewall firmware/18.0
version/sophos xg firewall firmware/18.0-mr1