Vulnerabilities > Sophos > XG Firewall > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-20 | CVE-2018-16117 | OS Command Injection vulnerability in Sophos Sfos 17.1 A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter. | 9.0 |
| 2019-06-20 | CVE-2018-16118 | OS Command Injection vulnerability in Sophos Sfos A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | 9.3 |