Sophos Addresses Critical Code Execution Vulnerability in Web Security Appliance

April 7, 2023

Sophos has released security updates to resolve several vulnerabilities in its Web Appliance, including a critical unauthenticated code execution bug. The appliance is a web security solution that enables administrators to set and enforce web access policies from a single interface.

The critical vulnerability, identified as CVE-2023-1671 and having a CVSS score of 9.8, is found in the warning page handler of the appliance and can be exploited without authentication. The cybersecurity company describes the bug as “a pre-auth command injection vulnerability in the warn-proceed handler allowing execution of arbitrary code”. Sophos addressed the flaw with the release of Sophos Web Appliance

In addition to the critical issue, the security update also fixes two other vulnerabilities. The first is a high-severity code execution flaw in the exception wizard, tracked as CVE-2022-4934 (CVSS score of 7.2). This command injection vulnerability requires authentication for successful exploitation. The second is a medium-severity cross-site scripting (XSS) vulnerability in the report scheduler, identified as CVE-2020-36692. An attacker could exploit this flaw to execute JavaScript code in the victim's browser. “The victim must be tricked into submitting a malicious form on an attacker-controlled website while logged in to [Sophos Web Appliance] for the attack to succeed,” the cybersecurity firm explains.
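To make the bug class concrete, the following is an added illustration and is not Sophos's code, nor is it based on the appliance's actual handler. It models a hypothetical "warn-proceed" style handler that interpolates a user-supplied URL into a shell command line, shows the separate commands a POSIX shell would execute for an injected value, and contrasts it with a hardened version that validates the URL and passes it as a single argv element, so shell metacharacters are never interpreted. The helper binary path, function names and sample URLs are assumptions.

```python
"""Command injection in a web handler: vulnerable and hardened forms.

Illustrative only. The helper path, handler names and sample URLs are
hypothetical and not taken from any product.
"""
import re
import shlex
import subprocess
from urllib.parse import urlsplit

# Hypothetical helper the handler invokes to record a "proceed" decision.
HELPER = "/opt/appliance/bin/log-proceed"

# Shell control operators that start a new command; '|' and '&' also appear
# in the default shlex punctuation set, so they are caught here too.
_SEPARATORS = {";", "&&", "||", "|", "&"}


def build_cmd_vulnerable(target_url: str) -> str:
    """Vulnerable pattern: untrusted input concatenated into a shell string.

    Passing this string to a shell (e.g. subprocess.run(cmd, shell=True))
    lets an unauthenticated caller run arbitrary commands.
    """
    return f"{HELPER} --url {target_url}"


def shell_commands(cmd: str) -> list[list[str]]:
    """Split a command line the way a POSIX shell would, into separate commands.

    Uses shlex with punctuation_chars so ';', '&&', '|' become their own tokens.
    """
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands: list[list[str]] = []
    current: list[str] = []
    for tok in lexer:
        if tok in _SEPARATORS:
            commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def is_injected(target_url: str) -> bool:
    """True if the vulnerable builder would make the shell run more than one command."""
    return len(shell_commands(build_cmd_vulnerable(target_url))) > 1


_HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def build_argv_hardened(target_url: str) -> list[str]:
    """Hardened pattern: validate the input, then pass it as one argv element.

    The argv list goes to execve() without a shell, so any metacharacters in
    target_url are delivered to the helper as data, not parsed as syntax.
    """
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target_url):
        raise ValueError("control characters not allowed in URL")
    parts = urlsplit(target_url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("only http/https URLs are accepted")
    if not _HOST_RE.match(parts.hostname or ""):
        raise ValueError("invalid host")
    return [HELPER, "--url", target_url]


def run_hardened(target_url: str) -> subprocess.CompletedProcess:
    """How the hardened argv would be executed: no shell involved."""
    return subprocess.run(build_argv_hardened(target_url), shell=False,
                          capture_output=True, check=False)


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one carrying an injected command.
    for url in ("http://example.com/", "http://example.com/; id"):
        print(url, "->", shell_commands(build_cmd_vulnerable(url)),
              "injected" if is_injected(url) else "clean")
    print("hardened argv:", build_argv_hardened("http://example.com/; id"))
```

The hardened form does not try to strip or escape metacharacters from the URL; it removes the shell from the path entirely and leaves validation to reject values that make no sense as a URL. Escaping with shlex.quote() is an acceptable fallback only when a shell is genuinely unavoidable.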

Patches for all the vulnerabilities are delivered to Sophos Web Appliance users via automatic updates. The company recommends placing the appliance behind a firewall and blocking internet access to it. The Sophos Web Appliance is set to reach end-of-life (EoL) status on July 20, 2023, and Sophos advises customers to migrate to Sophos Firewall.
