CVE-2022-1040 PoC — Sophos Firewall 授权问题漏洞

Source

https://github.com/jackson5sec/CVE-2022-1040

Associated Vulnerability

Title:Sophos Firewall 授权问题漏洞 (CVE-2022-1040)
Description:Sophos Firewall是英国Sophos公司的一款防火墙。 Sophos Firewall version v18.5 MR3 版本及之前版本的 User Portal 和 Webadmin 模块存在授权问题漏洞，该漏洞源于User Portal 和 Webadmin 模块存在身份认证绕过漏洞。攻击者通过该漏洞可以远程执行代码。

Description

This vulnerability allows an attacker to gain unauthorized access to the firewall management space by bypassing authentication

Readme

# CVE-2022-1040 : Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
This vulnerability allows an attacker to gain unauthorized access to the firewall management space by bypassing authentication

![alt text](https://github.com/APTIRAN/CVE-2022-1040/blob/main/Screenshot.png?raw=true)

☕️ Live : ....... updated

File Snapshot


 [4.0K]  /data/pocs/c59e1aa0682c7d1884a028ffbab2018c136d7923
├── [ 22M]  @APT_IR(Sophos).mp4
├── [1.7K]  CVE-2022-1040.txt
├── [ 327]  README.md
├── [286K]  Screenshot.png
└── [ 841]  userportal

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!