Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical

Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw that can lead to code execution.

Cybersecurity vendor Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw, tracked as CVE-2023-1671 (CVSS score of 9.8), that can lead to code execution.

The CVE-2023-1671 flaw is a pre-auth command injection issue that resides in the warn-proceed handler, it affects appliances older than version 4.3.10.4.

The company also addressed a high-severity code execution issue, tracked as CVE-2022-4934. The issue is a post-auth command injection vulnerability that resides in the exception wizard, it can allow administrators to execute arbitrary code.

The vendor also fixed a medium-severity reflected cross-site scripting (XSS) vulnerability tracked as CVE-2020-36692. An attacker can exploit the vulnerability to execute JavaScript code in the victim’s browser.

The attacker can trigger the flaw by tricking the victim into submitting a malicious form on an attacker-controlled website while logged into Sophos Web Appliance.

All the above vulnerabilities were discovered and responsibly disclosed to Sophos by external security researchers via the Sophos bug bounty program.

Sophos Web Appliance will reach end-of-life (EoL) status on July 20, 2023. The company recommends customers replace the appliances with Sophos Firewall.

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

The Teacher – Most Educational Blog
The Entertainer – Most Entertaining Blog
The Tech Whizz – Best Technical Blog
Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Sophos)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Next SD Worx shuts down UK and Ireland services after cyberattack »

Previous « Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Published by

Pierluigi Paganini

Tags: hacking newsinformation security newsIT Information SecurityPierluigi PaganiniSecurity AffairsSecurity NewsSophosSophos Web Appliance

2 years ago

Coinbase data breach impacted 69,461 individuals

Cryptocurrency exchange Coinbase announced that the recent data breach exposed data belonging to 69,461 individuals.…

3 hours ago

Security

U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output…

6 hours ago

Uncategorized

A critical flaw in OpenPGP.js lets attackers spoof message signatures

A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have…

8 hours ago

Data Breach

SK Telecom revealed that malware breach began in 2022

South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April…

11 hours ago

Hacking

4G Calling (VoLTE) flaw allowed to locate any O2 customer with a phone call

A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due…

22 hours ago

Malware

China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks

China-linked UnsolicitedBooker used a new backdoor, MarsSnake, to target an international organization in Saudi Arabia.…

1 day ago