Vulnerabilities > Sophos > Sfos > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2022-1040 Unspecified vulnerability in Sophos Sfos
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
network
low complexity
sophos
critical
9.8
2020-04-27 CVE-2020-12271 SQL Injection vulnerability in Sophos Sfos
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020.
network
low complexity
sophos CWE-89
critical
9.8
2019-06-20 CVE-2018-16117 OS Command Injection vulnerability in Sophos Sfos 17.1
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
network
low complexity
sophos CWE-78
critical
9.0
2019-06-20 CVE-2018-16118 OS Command Injection vulnerability in Sophos Sfos
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
network
sophos CWE-78
critical
9.3