Tuesday, May 20, 2025
HomeCyber Security NewsSophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code

Sophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code

Published on

SIEM as a Service

Follow Us on Google News

Sophos has released a new security advisory that has fixed 3 of its significant vulnerabilities, allowing threat actors to execute arbitrary code injection on Sophos Web Appliance (SWA).

CVE(s):

CVE-2023-1671 – Pre-Auth Command Injection in Sophos Web Appliance

CVSS Score: 9.8 (Critical)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- Advertisement - Google News

This vulnerability exists on the warn-proceed handler, allowing threat actors to execute arbitrary code. An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

CVE-2022-4934 – Post-Auth Command Injection in Sophos Web Appliance

CVSS Score: 7.2 (High)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

This vulnerability exists on the exception wizard handler, allowing administrators to execute arbitrary code. An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

CVE-2020-36692 – Reflected XSS via POST method in Sophos Web Appliance

CVSS Score: 5.4 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

This vulnerability exists on the report scheduler, allowing threat actors to execute Javascript code on the victim’s browser. To exploit this vulnerability, a threat actor must trick a victim into submitting a malicious form on any compromised website.

In contrast, the victim is logged on to Sophos Web Appliance.  An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

Recommendations:

  • Sophos has released patches to fix these vulnerabilities, which no longer need customer interaction since they are automatically updated.
  • Sophos has also requested to keep Sophos Web Appliance protected from exposing to the internet

Release Notes:

Work OrderDescription
NSWA-1689Resolved an XSS vulnerability in the report scheduler (CVE-2020-36692).
NSWA-1756Resolved a vulnerability in the exception wizard (CVE-2022-4934).
NSWA-1763Resolved a vulnerability in the warning page handler (CVE-2023-1671).

Struggling to Apply The Security Patch in Your System? – 

Related Read:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Accenture Files Leak – New Research Reveals Projects Controlling Billions of User Data

A new research report released today by Progressive International, Expose Accenture, and the Movement...

Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced...

More_Eggs Malware Uses Job Application Emails to Distribute Malicious Payloads

The More_Eggs malware, operated by the financially motivated Venom Spider group (also known as...

RedisRaider Campaign Targets Linux Servers by Exploiting Misconfigured Redis Instances

Datadog Security Research has uncovered a formidable new cryptojacking campaign dubbed "RedisRaider," specifically targeting...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Accenture Files Leak – New Research Reveals Projects Controlling Billions of User Data

A new research report released today by Progressive International, Expose Accenture, and the Movement...

Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced...

More_Eggs Malware Uses Job Application Emails to Distribute Malicious Payloads

The More_Eggs malware, operated by the financially motivated Venom Spider group (also known as...