Description

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).

PUBLISHED Reserved 2024-12-17 | Published 2024-12-19 | Updated 2024-12-21 | Assigner Sophos




HIGH: 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status
unaffected

Any version before 21.0 MR1 (21.0.1)
affected

References

www.sophos.com/...ity-advisories/sophos-sa-20241219-sfos-rce

cve.org (CVE-2024-12729)

nvd.nist.gov (CVE-2024-12729)
