CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-12271

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score68.3070%
EPSS Percentile93.45th
Published2020年4月27日
Last Modified2025年11月7日

Vulnerability Description

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)

Affected Platforms (CPE)

💻
Sophos

Sfos

= 17.0
💻
Sophos

Sfos

= 17.1
💻
Sophos

Sfos

= 17.5
💻
Sophos

Sfos

= 18.0

References & Advisories

🔗 https://community.sophos.com/kb/en-us/135412
🔗 https://cwe.mitre.org/data/definitions/89.html
🔗 https://news.sophos.com/en-us/2020/04/26/asnarok/
🔗 https://community.sophos.com/kb/en-us/135412
🔗 https://cwe.mitre.org/data/definitions/89.html
🔗 https://news.sophos.com/en-us/2020/04/26/asnarok/
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12271

相关漏洞威胁

CVE-2021-252688.4

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older...

CVE-2017-180146.1

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated us...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...