Lucene search

AttackerKBAKB:1374837C-E67C-4C56-98AA-693EC0BA59D5

HistoryApr 04, 2023 - 12:00 a.m.

CVE-2023-1671

2023-04-0400:00:00

attackerkb.com

cve-2023-1671

sophos web appliance

command injection

pre-auth

vulnerability

arbitrary code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.962

Percentile

99.6%

JSON

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

packetstormsecurity.com/files/172016/Sophos-Web-Appliance-4.3.10.4-Command-Injection.html

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1671

github.com/ohnonoyesyes/CVE-2023-1671

github.com/W01fh4cker/CVE-2023-1671-POC

www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.962

Percentile

99.6%

JSON

Related for AKB:1374837C-E67C-4C56-98AA-693EC0BA59D5