CVE-2022-1040

Warnung

Exploit

EPSS 94.44%
Veröffentlicht 25.03.2022 12:15:07
Zuletzt bearbeitet 27.10.2025 17:01:03
Quelle security-alert@sophos.com
CVE-Watchlists
Login
Unerledigt
Login

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sophos ≫ Sfos Version <= 18.5.3

31.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Sophos Firewall Authentication Bypass Vulnerability

Schwachstelle

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.44%	1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security-alert@sophos.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H