Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sophos XG Firewall SFOS SQL注入漏洞
Vulnerability Description
Sophos XG firewall和SFOS都是英国Sophos公司的产品。Sophos XG firewall是一款下一代端点保护与企业级防火墙产品。SFOS是一套用于Sophos防火墙产品的操作系统。 Sophos XG Firewall设备(配置有管理服务或User Portal)上的SFOS中存在SQL注入漏洞。远程攻击者可利用该漏洞执行代码,获取本地设备管理员、门户管理员和用于远程账户访问的用户名和密码散列。
CVSS Information
N/A
Vulnerability Type
N/A