Thursday, March 20, 2025
Follow us On Linkedin
HomeCyber Security NewsSophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code

Sophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code

Cyber Security NewsFirewall

Published on

By Gurubaran
Sophos Web Appliance Flaw

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Sophos has released a new security advisory that has fixed 3 of its significant vulnerabilities, allowing threat actors to execute arbitrary code injection on Sophos Web Appliance (SWA).

CVE(s):

CVE-2023-1671 – Pre-Auth Command Injection in Sophos Web Appliance

CVSS Score: 9.8 (Critical)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This vulnerability exists on the warn-proceed handler, allowing threat actors to execute arbitrary code. An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

CVE-2022-4934 – Post-Auth Command Injection in Sophos Web Appliance

CVSS Score: 7.2 (High)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

This vulnerability exists on the exception wizard handler, allowing administrators to execute arbitrary code. An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

CVE-2020-36692 – Reflected XSS via POST method in Sophos Web Appliance

CVSS Score: 5.4 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

This vulnerability exists on the report scheduler, allowing threat actors to execute Javascript code on the victim’s browser. To exploit this vulnerability, a threat actor must trick a victim into submitting a malicious form on any compromised website.

In contrast, the victim is logged on to Sophos Web Appliance.  An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

Recommendations:

  • Sophos has released patches to fix these vulnerabilities, which no longer need customer interaction since they are automatically updated.
  • Sophos has also requested to keep Sophos Web Appliance protected from exposing to the internet

Release Notes:

Work OrderDescription
NSWA-1689Resolved an XSS vulnerability in the report scheduler (CVE-2020-36692).
NSWA-1756Resolved a vulnerability in the exception wizard (CVE-2022-4934).
NSWA-1763Resolved a vulnerability in the warning page handler (CVE-2023-1671).

Struggling to Apply The Security Patch in Your System? – 

Related Read:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Dragon RaaS Leading “Five Families” Crimeware with New Initial Access & Exploitation Tactics

Dragon RaaS, a ransomware group known for its blend of hacktivism and cybercrime, has...
cyber security

Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Surge by 130%

Menlo Security, a leader in Secure Enterprise Browsers, has released its annual State of...
cyber security

Babuk2 Ransomware Issues Fake Extortion Demands Using Data from Old Breaches

Recent investigations by the Halcyon RISE Team have uncovered a concerning trend in the...
cyber security

Massive “DollyWay” Malware Attack Compromises 20,000+ WordPress Sites Worldwide

A significant malware operation, dubbed "DollyWay," has been uncovered by GoDaddy Security researchers, revealing...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

cyber security

Dragon RaaS Leading “Five Families” Crimeware with New Initial Access & Exploitation Tactics

Dragon RaaS, a ransomware group known for its blend of hacktivism and cybercrime, has...
cyber security

Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Surge by 130%

Menlo Security, a leader in Secure Enterprise Browsers, has released its annual State of...
cyber security

Babuk2 Ransomware Issues Fake Extortion Demands Using Data from Old Breaches

Recent investigations by the Halcyon RISE Team have uncovered a concerning trend in the...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved