Russian Vulnerability Scanner Database

Back to List

BDU:2023-00988

Scores

EPSS Score

0.0000

CVSS

3.x 9.8

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
9.8

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

Уязвимость компонента WebAdmin аппаратно-программного средства защиты от сетевых угроз Sophos SG UTM (Unified Thread Management) связана с непринятием мер по нейтрализации специальных элементов, используемых в командах операционной системы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнять произвольные команды

Sources

bdu

Related Vulnerabilities

CVE-2020-25223

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25223
http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html
https://community.sophos.com/b/security-blog
https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223
https://cwe.mitre.org/data/definitions/78.html
https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

Vulnerable Software

Type: Configuration

Vendor: sophos ltd.

Product: sophos sg utm (unified thread management)

Operating System: * *

Trait: 
{
  "version_end_excluding": "9.511 MR11"
}

Source: bdu

Type: Configuration

Vendor: sophos ltd.

Product: sophos sg utm (unified thread management)

Operating System: * *

Trait: 
{
  "version_end_excluding": "9.705 MR5"
}

Source: bdu

Type: Configuration

Vendor: sophos ltd.

Product: sophos sg utm (unified thread management)

Operating System: * *

Trait: 
{
  "version_end_excluding": "9.607 MR7"
}

Source: bdu