9.8

CVE-2020-11503

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.
Data provided by the National Vulnerability Database (NVD)
Sophos Sfos, Version < 17.5
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update -
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release1
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release10
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release11
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release2
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release3
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release4
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release5
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release6
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release7
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release8
   Sophos Xg Firewall, Version -
Sophos Sfos, Version 17.5, Update maintenance_release9
   Sophos Xg Firewall, Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.29% | 0.521 |
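CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
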
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.