Sophos Web Appliance Command Injection Vulnerability - 20231117002

Overview

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

What is the vulnerability?

CVE-2023-1671 - CVSS v3 Base Score: 9.8

What is vulnerable?

Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

The vulnerability affects the following products:

  • Sophos Web Appliance older than version 4.3.10.4

What has been observed?

There is evidence of active exploitation and the vulnerability was added to the CISA Known Exploited Vulnerabilities Catalog on 2023-11-16.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours (refer to Patch Management):

Additional References