var-202209-0443
Vulnerability from variot
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. of Sophos firewall for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Sophos Firewall is a firewall of British Sophos company. Attackers can use this vulnerability to upgrade the privilege from administrator to super administrator
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-0443",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "sophos",
"version": "19.0"
},
{
"model": "firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "sophos",
"version": "18.5"
},
{
"model": "firewall",
"scope": "lt",
"trust": 1.0,
"vendor": "sophos",
"version": "18.5"
},
{
"model": "firewall",
"scope": null,
"trust": 0.8,
"vendor": "\u30bd\u30d5\u30a9\u30b9",
"version": null
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bd\u30d5\u30a9\u30b9",
"version": "19.0"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bd\u30d5\u30a9\u30b9",
"version": null
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bd\u30d5\u30a9\u30b9",
"version": "18.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016526"
},
{
"db": "NVD",
"id": "CVE-2022-1807"
}
]
},
"cve": "CVE-2022-1807",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-1807",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1807",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1807",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-alert@sophos.com",
"id": "CVE-2022-1807",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1807",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-456",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016526"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-456"
},
{
"db": "NVD",
"id": "CVE-2022-1807"
},
{
"db": "NVD",
"id": "CVE-2022-1807"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. of Sophos firewall for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Sophos Firewall is a firewall of British Sophos company. Attackers can use this vulnerability to upgrade the privilege from administrator to super administrator",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1807"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016526"
},
{
"db": "VULHUB",
"id": "VHN-422956"
},
{
"db": "VULMON",
"id": "CVE-2022-1807"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1807",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016526",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202209-456",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-422956",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1807",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422956"
},
{
"db": "VULMON",
"id": "CVE-2022-1807"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016526"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-456"
},
{
"db": "NVD",
"id": "CVE-2022-1807"
}
]
},
"id": "VAR-202209-0443",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422956"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:53:03.191000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sophos Firewall SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207259"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-456"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422956"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016526"
},
{
"db": "NVD",
"id": "CVE-2022-1807"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-18-5-4"
},
{
"trust": 2.6,
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-19-0-1"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1807"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1807/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sophos-firewall-privilege-escalation-via-webadmin-39214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422956"
},
{
"db": "VULMON",
"id": "CVE-2022-1807"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016526"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-456"
},
{
"db": "NVD",
"id": "CVE-2022-1807"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422956"
},
{
"db": "VULMON",
"id": "CVE-2022-1807"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016526"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-456"
},
{
"db": "NVD",
"id": "CVE-2022-1807"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-422956"
},
{
"date": "2022-09-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1807"
},
{
"date": "2023-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016526"
},
{
"date": "2022-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-456"
},
{
"date": "2022-09-07T18:15:08.647000",
"db": "NVD",
"id": "CVE-2022-1807"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-422956"
},
{
"date": "2022-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1807"
},
{
"date": "2023-10-04T09:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016526"
},
{
"date": "2022-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-456"
},
{
"date": "2022-09-12T18:38:29.497000",
"db": "NVD",
"id": "CVE-2022-1807"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-456"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "of Sophos \u00a0firewall\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016526"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-456"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.