First published: Fri Sep 25 2020
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sophos Unified Threat Management | <9.511 | |
Sophos Unified Threat Management | >=9.600 <9.607 | |
Sophos Unified Threat Management | >=9.700 <9.705 | |
Sophos Unified Threat Management | =9.511 | |
Sophos Unified Threat Management | =9.607 | |
Sophos Unified Threat Management | =9.705 | |
The vulnerability ID is CVE-2020-25223.
The title of this vulnerability is Sophos SG UTM Remote Code Execution Vulnerability.
The severity of CVE-2020-25223 is critical with a severity value of 9.8.
The affected software versions are Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
To fix CVE-2020-25223, update to the latest version of Sophos SG UTM.
Reference materials are available at http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html and https://community.sophos.com/b/security-blog