Sunday, July 14, 2024
EHA

Sophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code

Sophos has released a new security advisory that has fixed 3 of its significant vulnerabilities, allowing threat actors to execute arbitrary code injection on Sophos Web Appliance (SWA).

CVE(s):

CVE-2023-1671 – Pre-Auth Command Injection in Sophos Web Appliance

CVSS Score: 9.8 (Critical)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This vulnerability exists on the warn-proceed handler, allowing threat actors to execute arbitrary code. An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

CVE-2022-4934 – Post-Auth Command Injection in Sophos Web Appliance

CVSS Score: 7.2 (High)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

This vulnerability exists on the exception wizard handler, allowing administrators to execute arbitrary code. An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

CVE-2020-36692 – Reflected XSS via POST method in Sophos Web Appliance

CVSS Score: 5.4 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

This vulnerability exists on the report scheduler, allowing threat actors to execute Javascript code on the victim’s browser. To exploit this vulnerability, a threat actor must trick a victim into submitting a malicious form on any compromised website.

In contrast, the victim is logged on to Sophos Web Appliance.  An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

Recommendations:

  • Sophos has released patches to fix these vulnerabilities, which no longer need customer interaction since they are automatically updated.
  • Sophos has also requested to keep Sophos Web Appliance protected from exposing to the internet

Release Notes:

Work OrderDescription
NSWA-1689Resolved an XSS vulnerability in the report scheduler (CVE-2020-36692).
NSWA-1756Resolved a vulnerability in the exception wizard (CVE-2022-4934).
NSWA-1763Resolved a vulnerability in the warning page handler (CVE-2023-1671).

Struggling to Apply The Security Patch in Your System? – 

Related Read:

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles