返回 CVE 浏览器

CVE-2017-18014

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.1200%

EPSS Percentile18.28th

Published2018年1月12日

Last Modified2024年11月21日

Vulnerability Description

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request.

Affected Platforms (CPE)

💻

Sophos

Sfos

<= 17.0

💻

Sophos

Sfos

= 17.0

💻

Sophos

Sfos

= 17.0

💻

Sophos

Sfos

= 17.0

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Jan/24

🔗 https://blogs.securiteam.com/index.php/archives/3612

🔗 https://community.sophos.com/kb/en-us/128024

🔗 https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-0-3-mr3-released

🔗 http://seclists.org/fulldisclosure/2018/Jan/24

🔗 https://blogs.securiteam.com/index.php/archives/3612

🔗 https://community.sophos.com/kb/en-us/128024

🔗 https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-0-3-mr3-released

相关漏洞威胁

CVE-2020-122719.8

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited i...

CVE-2021-252688.4

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...