9.8 - CVE-2020-25223

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2020-25223	First vendor Publication	2020-09-25
Vendor	Cve	Last vendor Modification	2025-04-03

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	9.8
Base Score	9.8	Environmental Score	9.8
impact SubScore	5.9	Temporal Score	9.8
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

%	Id	Name
100 %	CWE-78	Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

Type	Description	Count
Application	Sophos Unified Threat Management cpe:2.3:a:sophos:unified_threat_management:9.705:-:::::: cpe:2.3:a:sophos:unified_threat_management:9.607:-:::::: cpe:2.3:a:sophos:unified_threat_management:9.511:-:::::: cpe:2.3:a:sophos:unified_threat_management::::::::	4

Description	Link
Sophos UTM Webadmin remote command execution	More info here

id	Description
2020-09-18	Sophos UTM WebAdmin SID Command Injection

Source	Url

If you want to see full details history, please login or register.