Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sophos XG firewall API Configuration组件操作系统命令注入漏洞
Vulnerability Description
Sophos XG firewall是英国Sophos公司的一款下一代端点保护与企业级防火墙产品。API Configuration是其中的一个API配置组件。 Sophos XG firewall 17.0.8 MR-8版本中的API Configuration组件的/webconsole/APIController存在安全漏洞。攻击者可借助‘X-Forwarded-for’字段中带有shell元字符的HTTP头利用该漏洞执行任意的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A