CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.6%
Added: 11/24/2023
CVE: CVE-2023-1671
Sophos Web Appliance is a web proxy providing HTTP security.
A vulnerability in **UsrBlocked.php**
allows remote attackers to inject arbitrary commands into an HTTP request.
Upgrade to Sophos Web Appliance 4.3.10.4 or higher.
<https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce>
<https://vulncheck.com/blog/cve-2023-1671-analysis>
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.6%