

Rewterz Threat Alert – Eternity Stealer: Eternity Malware Project – Active IOCs
April 11, 2023
Rewterz Threat Alert – Update On Threat Actors Targeting Pakistani Bank Customers Using Fake Calls
April 11, 2023
Severity
High
Analysis Summary
CVE-2023-1671 CVSS:9.8
Sophos Web Appliance could allow a remote attacker to execute arbitrary code on the system, caused by a pre-auth command injection flaw in the warn-proceed handler. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2020-36692 CVSS:6.5
Sophos Web Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the report scheduler. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-4934 CVSS:7.2
Sophos Web Appliance could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a post-auth command injection flaw in the exception wizard. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-1671
- CVE-2020-36692
- CVE-2022-4934
Affected Vendors
Sophos
Affected Products
- Sophos Web Appliance 4.3.10
Remediation
Upgrade to the latest version of Sophos Web Appliance, available from the Sophos Website.