CVE-2024-13974 | THREATINT

Description

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.

PUBLISHED Reserved 2025-07-14 | Published 2025-07-21 | Updated 2025-07-21 | Assigner Sophos

HIGH: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-807 Reliance on Untrusted Inputs in a Security Decision

Product status

Default status

unaffected

Any version before 21.0 MR1 (21.0.1)

affected

Credits

The UK's National Cyber Security Centre (NCSC) finder

References

www.sophos.com/...ity-advisories/sophos-sa-20250721-sfos-rce

cve.org (CVE-2024-13974)

nvd.nist.gov (CVE-2024-13974)

Download JSON