Sophos Vulnerability - 20230411006¶
Overview¶
Sophos has released fixes for security issues identified in the Sophos Web Appliance.
What is the vulnerability?¶
CVE-2023-1671 - A pre-auth command injection vulnerability in the warn-proceed handler allowing execution of arbitrary code was discovered and responsibly disclosed to Sophos by an external security researcher via the Sophos bug bounty program.
CVE-2022-4934 - A post-auth command injection vulnerability in the exception wizard allowing administrators to execute arbitrary code was discovered and responsibly disclosed to Sophos by an external security researcher via the Sophos bug bounty program.
CVE-2020-36692 - A reflected XSS via POST vulnerability in report scheduler allowing execution of JavaScript code in the victim browser was discovered and responsibly disclosed to Sophos by an external researcher via the Sophos bug bounty program. The victim must be tricked into submitting a malicious form on an attacker-controlled website while logged in to SWA for the attack to succeed.
What is vulnerable?¶
These vulnerabilities affect the following product:
- Sophos Web Appliance (SWA) - versions prior to 4.3.10.4
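The fixed release is 4.3.10.4, so the practical check is whether each appliance reports a version earlier than that. Comparing version strings lexicographically gets this wrong ("4.3.9" sorts after "4.3.10"), so the check below parses each dotted version into a tuple of integers before comparing. This is an added example written for this page, not WA SOC or Sophos tooling; it assumes the appliance version is available as a dotted numeric string like the one shown in the SWA administration UI, and the hostnames and versions in the sample inventory are constructed for illustration.

```python
"""Triage Sophos Web Appliance versions against the fixed release 4.3.10.4.

Added example, not part of the WA SOC advisory or any Sophos tool.
Assumes versions are dotted numeric strings such as "4.3.9.2".
"""
from typing import Dict, List, Tuple

FIXED_VERSION = "4.3.10.4"  # first SWA release containing the fixes (from the advisory)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "4.3.9.2" into (4, 3, 9, 2) so comparison is numeric, not lexicographic.

    Raises ValueError for anything that is not a dotted run of integers, so an
    unknown or free-text version is never silently treated as patched.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool:
    """True when the reported version is earlier than FIXED_VERSION.

    Tuple comparison treats a shorter prefix as earlier, so "4.3.10" counts as
    before "4.3.10.4", which matches "versions prior to 4.3.10.4".
    """
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed sample inventory: (hostname, version as reported by the appliance).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("swa-per-01", "4.3.9.2"),    # older release, needs the fix
    ("swa-per-02", "4.3.10"),     # prefix of the fixed version, still earlier
    ("swa-syd-01", "4.3.10.4"),   # exactly the fixed release
    ("swa-bne-01", "4.3.11.0"),   # later release
    ("swa-lab-01", "unknown"),    # version not collected; must be reviewed by hand
]


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket hosts into vulnerable / fixed / unknown for follow-up."""
    result: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "fixed"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

Hosts landing in the "unknown" bucket are deliberately not treated as fixed; a version the collector could not parse is a gap in the inventory, not evidence of patching.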
Recommendation¶
The WA SOC recommends administrators update all affected Sophos Web Appliances to version 4.3.10.4 or later, following the vendor's instructions.