CVE-2021-25268: XSS
First published: Thu May 05 2022(Updated: )
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
Credit: security-alert@sophos.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos Firewall Firmware | <19.0 | |
| Sophos Firewall |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2021-25268.
What is the severity rating of CVE-2021-25268?
CVE-2021-25268 has a severity rating of 8.4 (high).
How can this vulnerability be exploited?
This vulnerability can be exploited through multiple XSS vulnerabilities in Webadmin, allowing for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
Which version of Sophos Firewall is affected by this vulnerability?
Sophos Firewall older than version 19.0 GA is affected by this vulnerability.
Is there a fix available for CVE-2021-25268?
Yes, it is recommended to upgrade to Sophos Firewall version 19.0 GA or later to address this vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/event
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- vendor/sophos
- canonical/sophos firewall firmware
- canonical/sophos firewall