9.8
CVE-2020-15069
- EPSS 66.81%
- Published 29.06.2020 18:15:12
- Last modified 03.04.2025 20:05:52
- Source cve@mitre.org
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
Data provided by the National Vulnerability Database (NVD)
Sophos ≫ Xg Firewall Firmware Version >= 17.0 < 17.5
Sophos ≫ Xg Firewall Firmware Version 17.5 Update -
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release1
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release3
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release4
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release5
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release6
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release7
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release8
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release9
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release10
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release11
Sophos ≫ Xg Firewall Firmware Version 17.5 Update maintenance_release12
06.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Sophos XG Firewall Buffer Overflow Vulnerability
Description: Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 66.81% | 0.985 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.