CVE-2020-15504 - OpenCVE

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sophos	Xg Firewall Firmware

Configuration 1 [-]

OR	cpe:2.3:o:sophos:xg_firewall_firmware::::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:18.0:-::::::
	cpe:2.3:o:sophos:xg_firewall_firmware:18.0:maintenance_release1::::::

References

Link	Resource
https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-10T16:55:15

Updated: 2020-07-10T16:55:15

Reserved: 2020-07-02T00:00:00

Link: CVE-2020-15504

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-07-10T17:15:10.817

Modified: 2020-07-14T21:04:59.463

Link: CVE-2020-15504

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-10T16:55:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15504", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504", "refsource": "CONFIRM", "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15504", "datePublished": "2020-07-10T16:55:15", "dateReserved": "2020-07-02T00:00:00", "dateUpdated": "2020-07-10T16:55:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "63DDC3B1-5437-41C6-8706-5768F7E32C38", "versionEndIncluding": "17.5", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "2AB6515B-F780-4B1B-BD1E-2EBEFCA09E4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10:*:*:*:*:*:*", "matchCriteriaId": "2AD1DF62-D9CF-40BD-B9F0-D66D8CF497A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11:*:*:*:*:*:*", "matchCriteriaId": "FF3BC5B5-9440-4B70-BD38-A7ABDE8EDF82", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12:*:*:*:*:*:*", "matchCriteriaId": "CF5A6965-C9DA-4D96-ABCC-2FA424B53C3C", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3:*:*:*:*:*:*", "matchCriteriaId": "9A73BC58-7D57-4699-8C1A-F260CA6893ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4:*:*:*:*:*:*", "matchCriteriaId": "70FF0E57-77CA-4DC1-94EB-8728AAECE268", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5:*:*:*:*:*:*", "matchCriteriaId": "7B791A90-1286-4CBF-ADCE-E0B9D128DEB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6:*:*:*:*:*:*", "matchCriteriaId": "8A9EAA0D-D5A1-41C1-9EA1-9B4CFA0F8C4E", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7:*:*:*:*:*:*", "matchCriteriaId": "D3BD6BB0-8D01-4B33-8989-D424ABE9453D", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8:*:*:*:*:*:*", "matchCriteriaId": "496397CE-77F5-4773-A1AC-A05D34C697E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9:*:*:*:*:*:*", "matchCriteriaId": "4A3FA1DC-64AF-4557-B9EC-E1A0A07FACB5", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:-:*:*:*:*:*:*", "matchCriteriaId": "66BCC2C8-DDBD-4AF7-807A-BC9F5D4AC6E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "5855684F-6505-4B4E-AF65-5E3CECD4CC25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en las interfaces web de usuario y administrador de Sophos XG Firewall versiones v18.0 MR1 y anteriores, permite potencialmente a un atacante ejecutar c\u00f3digo arbitrario remotamente. La correcci\u00f3n est\u00e1 incorporada en el relanzamiento de XG Firewall versi\u00f3n v18 MR-1 (llamado MR-1-Build396) y la versi\u00f3n v17.5 MR13. Todas las dem\u00e1s versiones superiores a 17.0 incluy\u00e9ndola, han recibido una revisi\u00f3n"}], "id": "CVE-2020-15504", "lastModified": "2020-07-14T21:04:59.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-10T17:15:10.817", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}