ГлавнаяУязвимости → CVE-2024-12727
9.8критическая

CVE-2024-12727

Описание

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.

Затрагиваемое ПО
Sophos Firewall firmwareSophos Firewall
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce