← Volver a CVEs
CVE-2024-13973
MEDIUM6.8
Descripcion
A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.
Detalles CVE
Puntuacion CVSS v3.16.8
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueADJACENT_NETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado7/21/2025
Ultima modificacion11/17/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
sophos:firewallsophos:firewall_firmware
Debilidades (CWE)
CWE-89
Referencias
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce(security-alert@sophos.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.