SQL injection in Sophos Firewall

#VU67802 SQL injection in Sophos Firewall

Published: 2022-10-03

Vulnerability identifier: #VU67802

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1807

CWE-ID: CWE-89

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Sophos Firewall
Hardware solutions / Security hardware applicances

Vendor: Sophos

Description

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in Webadmin. A remote privileged user can send a specially crafted request to the affected application and escalate privileges to super-admin.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Sophos Firewall: 18.5.0 - 19.0.0

External links
http://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-18-5-4
http://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-19-0-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multuiple vulnerabilities in Sophos Firewall