CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
95.5%
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
Recent assessments:
cbeek-r7 at September 06, 2024 6:10pm UTC reported:
On September 5th 2024, CISA released a security bulletin highlighting the cyber-attacks from a Russian actor. In this bulletin CISA confirmed and stated that this vulnerability was abused by the actor to bypass authentication and gain initial access.
Source: <https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a>
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 4
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
95.5%