A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/172016/Sophos-Web-Appliance-4.3.10.4-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Sophos
Published: 2023-04-04T00:00:00
Updated: 2023-04-26T00:00:00
Reserved: 2023-03-28T00:00:00
Link: CVE-2023-1671
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-04T10:15:07.197
Modified: 2024-06-17T13:34:08.803
Link: CVE-2023-1671
JSON object: View
Redhat Information
No data.
CWE