CVE-2022-3226: OS Command Injection
First published: Thu Dec 01 2022(Updated: )
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Credit: security-alert@sophos.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos Xg Firewall Firmware | <=19.0 | |
| Sophos XG Firewall |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this OS command injection vulnerability?
The vulnerability ID for this OS command injection vulnerability is CVE-2022-3226.
What is the title of this vulnerability?
The title of this vulnerability is 'An OS command injection vulnerability allows admins to execute code via SSL VPN configuration upload.'
How can admins exploit this vulnerability?
Admins can exploit this vulnerability by executing code through SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Which software versions are affected by this vulnerability?
Sophos Firewall releases older than version 19.5 GA are affected by this vulnerability.
What is the severity and CVSS score of this vulnerability?
The severity of this vulnerability is high, with a CVSS score of 7.2.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/sophos
- canonical/sophos xg firewall firmware
- version/sophos xg firewall firmware/19.0
- canonical/sophos xg firewall