cvelistv5 - CVE-2022-3236

CVE-2022-3236 (GCVE-0-2022-3236)

Vulnerability from cvelistv5

Published

2022-09-23 12:50

Modified

2025-10-21 23:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

References

URL

Tags

security-alert@sophos.com	https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236	US Government Resource

Impacted products

	Vendor	Product	Version
	Sophos	Sophos Firewall	Version: unspecified < Version: unspecified <

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-09-23

Due date: 2022-10-14

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce; https://nvd.nist.gov/vuln/detail/CVE-2022-3236

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3236",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T21:40:50.761466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-09-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236"
              },
              "type": "kev"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:34.699Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-23T00:00:00+00:00",
            "value": "CVE-2022-3236 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sophos Firewall",
          "vendor": "Sophos",
          "versions": [
            {
              "lessThanOrEqual": "18.5 MR4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "19.0 MR1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-23T12:50:13.000Z",
        "orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
        "shortName": "Sophos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@sophos.com",
          "ID": "CVE-2022-3236",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Sophos Firewall",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "18.5 MR4"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "19.0 MR1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sophos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce",
              "refsource": "CONFIRM",
              "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
    "assignerShortName": "Sophos",
    "cveId": "CVE-2022-3236",
    "datePublished": "2022-09-23T12:50:13.000Z",
    "dateReserved": "2022-09-17T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:34.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-3236",
      "cwes": "[\"CWE-94\"]",
      "dateAdded": "2022-09-23",
      "dueDate": "2022-10-14",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce;  https://nvd.nist.gov/vuln/detail/CVE-2022-3236",
      "product": "Firewall",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.",
      "vendorProject": "Sophos",
      "vulnerabilityName": "Sophos Firewall Code Injection Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-3236\",\"sourceIdentifier\":\"security-alert@sophos.com\",\"published\":\"2022-09-23T13:15:10.327\",\"lastModified\":\"2025-10-27T17:00:44.353\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en User Portal and Webadmin permite a un atacante remoto ejecutar c\u00f3digo en Sophos Firewall versiones v19.0 MR1 y anteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-alert@sophos.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2022-09-23\",\"cisaActionDue\":\"2022-10-14\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Sophos Firewall Code Injection Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sophos:firewall:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"19.0.1\",\"matchCriteriaId\":\"666EACE3-6C5C-4CB8-A174-42010E17C539\"}]}]}],\"references\":[{\"url\":\"https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce\",\"source\":\"security-alert@sophos.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Sophos Firewall\", \"vendor\": \"Sophos\", \"versions\": [{\"lessThanOrEqual\": \"18.5 MR4\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}, {\"lessThanOrEqual\": \"19.0 MR1\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"n/a\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-09-23T12:50:13.000Z\", \"orgId\": \"526a354d-e866-4174-ae7d-bac848e5c4c5\", \"shortName\": \"Sophos\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"security-alert@sophos.com\", \"ID\": \"CVE-2022-3236\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Sophos Firewall\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c=\", \"version_value\": \"18.5 MR4\"}, {\"version_affected\": \"\u003c=\", \"version_value\": \"19.0 MR1\"}]}}]}, \"vendor_name\": \"Sophos\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.\"}]}, \"impact\": {\"cvss\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce\", \"refsource\": \"CONFIRM\", \"url\": \"https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:00:10.526Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce\"}]}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3236\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T21:40:50.761466Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-09-23\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236\"}}}, {\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T21:41:04.379Z\"}, \"timeline\": [{\"time\": \"2022-09-23T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2022-3236 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"assignerOrgId\": \"526a354d-e866-4174-ae7d-bac848e5c4c5\", \"assignerShortName\": \"Sophos\", \"cveId\": \"CVE-2022-3236\", \"datePublished\": \"2022-09-23T12:50:13.000Z\", \"dateReserved\": \"2022-09-17T00:00:00.000Z\", \"dateUpdated\": \"2025-10-21T19:45:58.706Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2022-3236

Vulnerability from fkie_nvd

Published

2022-09-23 13:15

Modified

2025-10-27 17:00

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

References

URL	Tags
security-alert@sophos.com	https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236	US Government Resource

Impacted products

	Vendor	Product	Version
	sophos	firewall	*

JSON

To clipboard

{
  "cisaActionDue": "2022-10-14",
  "cisaExploitAdd": "2022-09-23",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Sophos Firewall Code Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sophos:firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "666EACE3-6C5C-4CB8-A174-42010E17C539",
              "versionEndIncluding": "19.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en User Portal and Webadmin permite a un atacante remoto ejecutar c\u00f3digo en Sophos Firewall versiones v19.0 MR1 y anteriores."
    }
  ],
  "id": "CVE-2022-3236",
  "lastModified": "2025-10-27T17:00:44.353",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-alert@sophos.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-09-23T13:15:10.327",
  "references": [
    {
      "source": "security-alert@sophos.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236"
    }
  ],
  "sourceIdentifier": "security-alert@sophos.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

wid-sec-w-2022-2217

Vulnerability from csaf_certbund

Published

2022-12-01 23:00

Modified

2022-12-07 23:00

Summary

Sophos Firewall: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Sophos Firewall ist die Firewall-Software für Sophos Appliances.

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Sophos Firewall ausnutzen, um beliebigen Programmcode auszuführen, einen Cross-Site-Scripting-Angriff durchzuführen oder Dateien zu manipulieren.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Sophos Firewall ist die Firewall-Software f\u00fcr Sophos Appliances.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Sophos Firewall ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-2217 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2217.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-2217 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2217"
      },
      {
        "category": "external",
        "summary": "Sophos Security Advisory  vom 2022-12-01",
        "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
      }
    ],
    "source_lang": "en-US",
    "title": "Sophos Firewall: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2022-12-07T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:39:06.888+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-2217",
      "initial_release_date": "2022-12-01T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-12-01T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-12-07T23:00:00.000+00:00",
          "number": "2",
          "summary": "Korrektur"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Sophos Firewall \u003c v19.5.0",
            "product": {
              "name": "Sophos Firewall \u003c v19.5.0",
              "product_id": "T025464",
              "product_identification_helper": {
                "cpe": "cpe:/a:sophos:firewall:v19.5.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Sophos"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-3226",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3226"
    },
    {
      "cve": "CVE-2022-3236",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3236"
    },
    {
      "cve": "CVE-2022-3696",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3696"
    },
    {
      "cve": "CVE-2022-3709",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3709"
    },
    {
      "cve": "CVE-2022-3710",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3710"
    },
    {
      "cve": "CVE-2022-3711",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3711"
    },
    {
      "cve": "CVE-2022-3713",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3713"
    }
  ]
}

WID-SEC-W-2022-2217

Vulnerability from csaf_certbund

Published

2022-12-01 23:00

Modified

2022-12-07 23:00

Summary

Sophos Firewall: Mehrere Schwachstellen

Notes

Produktbeschreibung

Sophos Firewall ist die Firewall-Software für Sophos Appliances.

Angriff

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Sophos Firewall ist die Firewall-Software f\u00fcr Sophos Appliances.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Sophos Firewall ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-2217 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2217.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-2217 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2217"
      },
      {
        "category": "external",
        "summary": "Sophos Security Advisory  vom 2022-12-01",
        "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0"
      }
    ],
    "source_lang": "en-US",
    "title": "Sophos Firewall: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2022-12-07T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:39:06.888+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-2217",
      "initial_release_date": "2022-12-01T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-12-01T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-12-07T23:00:00.000+00:00",
          "number": "2",
          "summary": "Korrektur"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Sophos Firewall \u003c v19.5.0",
            "product": {
              "name": "Sophos Firewall \u003c v19.5.0",
              "product_id": "T025464",
              "product_identification_helper": {
                "cpe": "cpe:/a:sophos:firewall:v19.5.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Sophos"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-3226",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3226"
    },
    {
      "cve": "CVE-2022-3236",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3236"
    },
    {
      "cve": "CVE-2022-3696",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3696"
    },
    {
      "cve": "CVE-2022-3709",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3709"
    },
    {
      "cve": "CVE-2022-3710",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3710"
    },
    {
      "cve": "CVE-2022-3711",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3711"
    },
    {
      "cve": "CVE-2022-3713",
      "notes": [
        {
          "category": "description",
          "text": "In Sophos Firewall existieren mehrere Schwachstellen. Es handelt sich um mehrere Anf\u00e4lligkeiten f\u00fcr verschiedene Remote-Code-Execution-Angriffe, eine Verwundbarkeit f\u00fcr einen XSS-Angriff sowie potenzielle SQL-Injections. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder Dateien zu manipulieren. F\u00fcr einen Teil dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2022-12-01T23:00:00.000+00:00",
      "title": "CVE-2022-3713"
    }
  ]
}

CERTFR-2022-AVI-853

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Sophos Firewall. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Sophos indique que la vulnérabilité CVE-2022-3236 est activement exploitée dans le cadre d'attaques ciblées.

De plus, le portail utilisateur ainsi que l'interface de gestion ne devraient pas être accessibles sur Internet.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Sophos Firewall versions antérieures à v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2) et v19.5 GA
Sophos Firewall versions v19.0 GA, MR1 et MR1-1 sans le correctif de sécurité du 21 septembre 2022
Sophos Firewall versions v18.5 GA, MR1, MR1-1, MR2, MR3 et MR4 sans le correctif de sécurité du 21 septembre 2022
Sophos Firewall versions v18.0 MR3, MR4, MR5 et MR6 sans le correctif de sécurité du 23 septembre 2022
Sophos Firewall versions v17.5 MR12, MR13, MR14, MR15, MR16 et MR17 sans le correctif de sécurité du 23 septembre 2022
Sophos Firewall version v17.0 MR10 sans le correctif de sécurité du 23 septembre 2022

Sophos indique que, par défaut, les pare-feux se mettent à jour automatiquement.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Sophos sophos-sa-20220923-sfos-rce du 23 septembre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eSophos Firewall versions ant\u00e9rieures \u00e0\u00a0v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2) et v19.5 GA\u003c/li\u003e \u003cli\u003eSophos Firewall versions\u00a0v19.0 GA, MR1 et MR1-1 sans le correctif de s\u00e9curit\u00e9 du 21 septembre 2022\u003c/li\u003e \u003cli\u003eSophos Firewall versions v18.5 GA, MR1, MR1-1, MR2, MR3 et MR4\u00a0sans le correctif de s\u00e9curit\u00e9 du 21 septembre 2022\u003c/li\u003e \u003cli\u003eSophos Firewall versions v18.0 MR3, MR4, MR5 et MR6\u00a0sans le correctif de s\u00e9curit\u00e9 du 23 septembre 2022\u003c/li\u003e \u003cli\u003eSophos Firewall versions\u00a0v17.5 MR12, MR13, MR14, MR15, MR16 et MR17\u00a0sans le correctif de s\u00e9curit\u00e9 du 23 septembre 2022\u003c/li\u003e \u003cli\u003eSophos Firewall version v17.0 MR10\u00a0sans le correctif de s\u00e9curit\u00e9 du 23 septembre 2022\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSophos indique que, par d\u00e9faut, les pare-feux se mettent \u00e0 jour automatiquement.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-3236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3236"
    }
  ],
  "initial_release_date": "2022-09-26T00:00:00",
  "last_revision_date": "2023-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-853",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-26T00:00:00.000000"
    },
    {
      "description": "Correction coquille.",
      "revision_date": "2023-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Sophos Firewall. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n\nSophos indique que la vuln\u00e9rabilit\u00e9\u00a0CVE-2022-3236 est activement\nexploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\n\nDe plus, le portail utilisateur ainsi que l\u0027interface de gestion ne\ndevraient pas \u00eatre accessibles sur Internet.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Sophos Firewall",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sophos sophos-sa-20220923-sfos-rce du 23 septembre 2022",
      "url": "https://www.sophos.com/fr-fr/security-advisories/sophos-sa-20220923-sfos-rce"
    }
  ]
}

CERTFR-2022-AVI-1077

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Sophos Firewall. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Sophos	N/A	Sophos Firewall versions antérieures à 19.5 GA (19.5.0)

References

Title

Publication Time

Tags

Bulletin de sécurité Sophos sophos-sa-20221201-sfos-19-5-0 du 01 décembre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sophos Firewall versions ant\u00e9rieures \u00e0 19.5 GA (19.5.0)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sophos",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-3711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3711"
    },
    {
      "name": "CVE-2022-3236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3236"
    },
    {
      "name": "CVE-2022-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3710"
    },
    {
      "name": "CVE-2022-3226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3226"
    },
    {
      "name": "CVE-2022-3696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3696"
    },
    {
      "name": "CVE-2022-3709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3709"
    },
    {
      "name": "CVE-2022-3713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3713"
    }
  ],
  "initial_release_date": "2022-12-05T00:00:00",
  "last_revision_date": "2022-12-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-1077",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Sophos Firewall.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Sophos Firewall",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sophos sophos-sa-20221201-sfos-19-5-0 du 01 d\u00e9cembre 2022",
      "url": "https://www.sophos.com/fr-fr/security-advisories/sophos-sa-20221201-sfos-19-5-0"
    }
  ]
}

gsd-2022-3236

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

Aliases

CVE-2022-3236

Aliases

CVE-2022-3236

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-3236",
    "id": "GSD-2022-3236"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-3236"
      ],
      "details": "A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.",
      "id": "GSD-2022-3236",
      "modified": "2023-12-13T01:19:39.701607Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-alert@sophos.com",
        "ID": "CVE-2022-3236",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Sophos Firewall",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "18.5 MR4"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "19.0 MR1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Sophos"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce",
            "refsource": "CONFIRM",
            "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sophos:firewall:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "19.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@sophos.com",
          "ID": "CVE-2022-3236"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-09-28T19:11Z",
      "publishedDate": "2022-09-23T13:15Z"
    }
  }
}

ghsa-jv5x-4hfr-x3p5

Vulnerability from github

Published

2022-09-25 00:00

Modified

2025-10-22 00:32

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-3236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-23T13:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.",
  "id": "GHSA-jv5x-4hfr-x3p5",
  "modified": "2025-10-22T00:32:36Z",
  "published": "2022-09-25T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3236"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3236"
    },
    {
      "type": "WEB",
      "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-202209-1931

Vulnerability from variot

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. (DoS) It may be in a state

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1931",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firewall",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sophos",
        "version": "19.0.1"
      },
      {
        "model": "firewall",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30bd\u30d5\u30a9\u30b9",
        "version": "19.0.1  and earlier"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30bd\u30d5\u30a9\u30b9",
        "version": null
      },
      {
        "model": "firewall",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30bd\u30d5\u30a9\u30b9",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3236"
      }
    ]
  },
  "cve": "CVE-2022-3236",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-3236",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-3236",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-3236",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "security-alert@sophos.com",
            "id": "CVE-2022-3236",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-3236",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-2368",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2368"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3236"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3236"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-3236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      },
      {
        "db": "VULHUB",
        "id": "VHN-430846"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-3236",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017940",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2368",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-430846",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-430846"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2368"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3236"
      }
    ]
  },
  "id": "VAR-202209-1931",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-430846"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T13:42:24.644000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Sophos Firewall Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209421"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2368"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.0
      },
      {
        "problemtype": "Code injection (CWE-94) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-74",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-430846"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3236"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3236"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-3236/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/sophos-firewall-code-execution-via-user-portal-webadmin-39358"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-430846"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2368"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3236"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-430846"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2368"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3236"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-430846"
      },
      {
        "date": "2023-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      },
      {
        "date": "2022-09-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2368"
      },
      {
        "date": "2022-09-23T13:15:10.327000",
        "db": "NVD",
        "id": "CVE-2022-3236"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-430846"
      },
      {
        "date": "2023-10-17T08:05:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      },
      {
        "date": "2022-09-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2368"
      },
      {
        "date": "2023-08-08T14:21:49.707000",
        "db": "NVD",
        "id": "CVE-2022-3236"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2368"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "of Sophos \u00a0firewall\u00a0 Code injection vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017940"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2368"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2022-88208

Vulnerability from cnvd

Title

Sophos Firewall代码执行漏洞

Description

Sophos Firewall是英国Sophos公司的一款防火墙。 Sophos Firewall 19.0.1及其之前版本存在代码执行漏洞，该漏洞User Portal and Webadmin中未能正确过滤构造代码段的特殊元素。攻击者可利用漏洞导致任意代码执行。

Severity

高

Patch Name

Sophos Firewall代码执行漏洞的补丁

Patch Description

Sophos Firewall是英国Sophos公司的一款防火墙。 Sophos Firewall 19.0.1及其之前版本存在代码执行漏洞，该漏洞User Portal and Webadmin中未能正确过滤构造代码段的特殊元素。攻击者可利用漏洞导致任意代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

Reference

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

Impacted products

Name
Sophos Sophos Firewall <=19.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-3236",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-3236"
    }
  },
  "description": "Sophos Firewall\u662f\u82f1\u56fdSophos\u516c\u53f8\u7684\u4e00\u6b3e\u9632\u706b\u5899\u3002\n\nSophos Firewall 19.0.1\u53ca\u5176\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1eUser Portal and Webadmin\u4e2d\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-88208",
  "openTime": "2022-12-17",
  "patchDescription": "Sophos Firewall\u662f\u82f1\u56fdSophos\u516c\u53f8\u7684\u4e00\u6b3e\u9632\u706b\u5899\u3002\r\n\r\nSophos Firewall 19.0.1\u53ca\u5176\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1eUser Portal and Webadmin\u4e2d\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sophos Firewall\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Sophos Sophos Firewall \u003c=19.0.1"
  },
  "referenceLink": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce",
  "serverity": "\u9ad8",
  "submitTime": "2022-09-28",
  "title": "Sophos Firewall\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-3236 (GCVE-0-2022-3236)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Vulnerability from fkie_nvd

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from gsd

Vulnerability from github

Vulnerability from variot

Vulnerability from cnvd

Tags

Sightings

Nomenclature