Vulnerability CVE-2023-1671


Published: 2023-04-04

Description:
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Sophos Web Appliance 4.3.10.4 Pre-auth command injection
Behnam Abasi Van...
25.04.2023

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce

Copyright 2024, cxsecurity.com

 

Back to Top