cvelistv5 - CVE-2020-17352

CVE-2020-17352 (GCVE-0-2020-17352)

Vulnerability from cvelistv5 – Published: 2020-08-07 19:50 – Updated: 2024-08-04 13:53

Summary

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://community.sophos.com/b/security-blog	x_refsource_MISC
	https://community.sophos.com/b/security-blog/post…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:53:17.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.sophos.com/b/security-blog"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-07T19:50:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.sophos.com/b/security-blog"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-17352",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.sophos.com/b/security-blog",
              "refsource": "MISC",
              "url": "https://community.sophos.com/b/security-blog"
            },
            {
              "name": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352",
              "refsource": "MISC",
              "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-17352",
    "datePublished": "2020-08-07T19:50:04",
    "dateReserved": "2020-08-05T00:00:00",
    "dateUpdated": "2024-08-04T13:53:17.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3BBDD37-5675-43F6-A298-A1E7CBDC68EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AB6515B-F780-4B1B-BD1E-2EBEFCA09E4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AD1DF62-D9CF-40BD-B9F0-D66D8CF497A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF3BC5B5-9440-4B70-BD38-A7ABDE8EDF82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF5A6965-C9DA-4D96-ABCC-2FA424B53C3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A73BC58-7D57-4699-8C1A-F260CA6893ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4:*:*:*:*:*:*\", \"matchCriteriaId\": \"70FF0E57-77CA-4DC1-94EB-8728AAECE268\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B791A90-1286-4CBF-ADCE-E0B9D128DEB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A9EAA0D-D5A1-41C1-9EA1-9B4CFA0F8C4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3BD6BB0-8D01-4B33-8989-D424ABE9453D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8:*:*:*:*:*:*\", \"matchCriteriaId\": \"496397CE-77F5-4773-A1AC-A05D34C697E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A3FA1DC-64AF-4557-B9EC-E1A0A07FACB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:18.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"66BCC2C8-DDBD-4AF7-807A-BC9F5D4AC6E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sophos:xg_firewall_firmware:18.0:mr1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0D55C63-0190-4F6D-BF8A-C135E0D2BDFA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"Dos vulnerabilidades de inyecci\\u00f3n de comandos de Sistema Operativo en el portal de Usuario de Sophos XG Firewall hasta el 05-08-2020, permiten potencialmente a un atacante autenticado ejecutar c\\u00f3digo arbitrario remotamente\"}]",
      "id": "CVE-2020-17352",
      "lastModified": "2024-11-21T05:07:55.860",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-08-07T20:15:12.623",
      "references": "[{\"url\": \"https://community.sophos.com/b/security-blog\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://community.sophos.com/b/security-blog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-17352\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-08-07T20:15:12.623\",\"lastModified\":\"2024-11-21T05:07:55.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Dos vulnerabilidades de inyecci\u00f3n de comandos de Sistema Operativo en el portal de Usuario de Sophos XG Firewall hasta el 05-08-2020, permiten potencialmente a un atacante autenticado ejecutar c\u00f3digo arbitrario remotamente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3BBDD37-5675-43F6-A298-A1E7CBDC68EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AB6515B-F780-4B1B-BD1E-2EBEFCA09E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AD1DF62-D9CF-40BD-B9F0-D66D8CF497A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF3BC5B5-9440-4B70-BD38-A7ABDE8EDF82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF5A6965-C9DA-4D96-ABCC-2FA424B53C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A73BC58-7D57-4699-8C1A-F260CA6893ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4:*:*:*:*:*:*\",\"matchCriteriaId\":\"70FF0E57-77CA-4DC1-94EB-8728AAECE268\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B791A90-1286-4CBF-ADCE-E0B9D128DEB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A9EAA0D-D5A1-41C1-9EA1-9B4CFA0F8C4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3BD6BB0-8D01-4B33-8989-D424ABE9453D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8:*:*:*:*:*:*\",\"matchCriteriaId\":\"496397CE-77F5-4773-A1AC-A05D34C697E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A3FA1DC-64AF-4557-B9EC-E1A0A07FACB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:18.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"66BCC2C8-DDBD-4AF7-807A-BC9F5D4AC6E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sophos:xg_firewall_firmware:18.0:mr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D55C63-0190-4F6D-BF8A-C135E0D2BDFA\"}]}]}],\"references\":[{\"url\":\"https://community.sophos.com/b/security-blog\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://community.sophos.com/b/security-blog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

VAR-202008-0450

Vulnerability from variot - Updated: 2023-12-18 12:16

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. Sophos XG Firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos, UK. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0450",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "xg firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sophos",
        "version": "17.5"
      },
      {
        "model": "xg firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sophos",
        "version": "18.0"
      },
      {
        "model": "sophos xg firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30bd\u30d5\u30a9\u30b9",
        "version": null
      },
      {
        "model": "sophos xg firewall",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30bd\u30d5\u30a9\u30b9",
        "version": "sophos xg firewall  firmware  2020/08/05"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17352"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:mr1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-17352"
      }
    ]
  },
  "cve": "CVE-2020-17352",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-17352",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-170522",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-17352",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-17352",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202008-303",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-170522",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-303"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. Sophos XG Firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos, UK. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-17352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "db": "VULHUB",
        "id": "VHN-170522"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-17352",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-303",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-47965",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-170522",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-303"
      }
    ]
  },
  "id": "VAR-202008-0450",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170522"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:16:53.244000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Resolved\u00a0authenticated\u00a0RCE\u00a0issues\u00a0in\u00a0User\u00a0Portal\u00a0(CVE-2020-17352)",
        "trust": 0.8,
        "url": "https://community.sophos.com/b/security-blog"
      },
      {
        "title": "Sophos XG Firewall Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126334"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-303"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17352"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17352"
      },
      {
        "trust": 1.1,
        "url": "https://community.sophos.com/b/security-blog"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/sophos-xg-firewall-code-execution-via-user-portal-33038"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-303"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-170522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-303"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-170522"
      },
      {
        "date": "2020-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "date": "2020-08-07T20:15:12.623000",
        "db": "NVD",
        "id": "CVE-2020-17352"
      },
      {
        "date": "2020-08-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-303"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-170522"
      },
      {
        "date": "2020-10-23T07:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      },
      {
        "date": "2020-08-12T14:58:59.807000",
        "db": "NVD",
        "id": "CVE-2020-17352"
      },
      {
        "date": "2020-08-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-303"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-303"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sophos\u00a0XG\u00a0Firewall\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009221"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-303"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2020-17352

Vulnerability from fkie_nvd - Published: 2020-08-07 20:15 - Updated: 2024-11-21 05:07

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

References

URL	Tags
cve@mitre.org	https://community.sophos.com/b/security-blog	Vendor Advisory
cve@mitre.org	https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://community.sophos.com/b/security-blog	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	17.5
sophos	xg_firewall_firmware	18.0
sophos	xg_firewall_firmware	18.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3BBDD37-5675-43F6-A298-A1E7CBDC68EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "2AB6515B-F780-4B1B-BD1E-2EBEFCA09E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10:*:*:*:*:*:*",
              "matchCriteriaId": "2AD1DF62-D9CF-40BD-B9F0-D66D8CF497A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11:*:*:*:*:*:*",
              "matchCriteriaId": "FF3BC5B5-9440-4B70-BD38-A7ABDE8EDF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A6965-C9DA-4D96-ABCC-2FA424B53C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "9A73BC58-7D57-4699-8C1A-F260CA6893ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4:*:*:*:*:*:*",
              "matchCriteriaId": "70FF0E57-77CA-4DC1-94EB-8728AAECE268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5:*:*:*:*:*:*",
              "matchCriteriaId": "7B791A90-1286-4CBF-ADCE-E0B9D128DEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6:*:*:*:*:*:*",
              "matchCriteriaId": "8A9EAA0D-D5A1-41C1-9EA1-9B4CFA0F8C4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7:*:*:*:*:*:*",
              "matchCriteriaId": "D3BD6BB0-8D01-4B33-8989-D424ABE9453D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8:*:*:*:*:*:*",
              "matchCriteriaId": "496397CE-77F5-4773-A1AC-A05D34C697E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9:*:*:*:*:*:*",
              "matchCriteriaId": "4A3FA1DC-64AF-4557-B9EC-E1A0A07FACB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "66BCC2C8-DDBD-4AF7-807A-BC9F5D4AC6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:mr1:*:*:*:*:*:*",
              "matchCriteriaId": "D0D55C63-0190-4F6D-BF8A-C135E0D2BDFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Dos vulnerabilidades de inyecci\u00f3n de comandos de Sistema Operativo en el portal de Usuario de Sophos XG Firewall hasta el 05-08-2020, permiten potencialmente a un atacante autenticado ejecutar c\u00f3digo arbitrario remotamente"
    }
  ],
  "id": "CVE-2020-17352",
  "lastModified": "2024-11-21T05:07:55.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-07T20:15:12.623",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.sophos.com/b/security-blog"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.sophos.com/b/security-blog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-47965

Vulnerability from cnvd - Published: 2020-08-25

Title

Sophos XG Firewall操作系统命令注入漏洞

Description

Sophos XG Firewall是英国Sophos公司的一款下一代端点保护与企业级防火墙产品。 Sophos XG Firewall 2020-08-05及之前版本中的User Portal存在操作系统命令注入漏洞。该漏洞源于外部输入数据构造操作系统可执行命令过程中，网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。

Severity

中

Patch Name

Sophos XG Firewall操作系统命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-17352

Impacted products

Name
Sophos Sophos XG Firewall <=2020-08-05

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-17352",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-17352"
    }
  },
  "description": "Sophos XG Firewall\u662f\u82f1\u56fdSophos\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u7aef\u70b9\u4fdd\u62a4\u4e0e\u4f01\u4e1a\u7ea7\u9632\u706b\u5899\u4ea7\u54c1\u3002\n\nSophos XG Firewall 2020-08-05\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684User Portal\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-47965",
  "openTime": "2020-08-25",
  "patchDescription": "Sophos XG Firewall\u662f\u82f1\u56fdSophos\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u7aef\u70b9\u4fdd\u62a4\u4e0e\u4f01\u4e1a\u7ea7\u9632\u706b\u5899\u4ea7\u54c1\u3002\r\n\r\nSophos XG Firewall 2020-08-05\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684User Portal\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sophos XG Firewall\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Sophos Sophos XG Firewall \u003c=2020-08-05"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-17352",
  "serverity": "\u4e2d",
  "submitTime": "2020-08-11",
  "title": "Sophos XG Firewall\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-6FG8-3M77-GWRP

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25

Details

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-17352"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-07T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.",
  "id": "GHSA-6fg8-3m77-gwrp",
  "modified": "2022-05-24T17:25:05Z",
  "published": "2022-05-24T17:25:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17352"
    },
    {
      "type": "WEB",
      "url": "https://community.sophos.com/b/security-blog"
    },
    {
      "type": "WEB",
      "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-17352

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

Aliases

CVE-2020-17352

Aliases

CVE-2020-17352

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-17352",
    "description": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.",
    "id": "GSD-2020-17352"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-17352"
      ],
      "details": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.",
      "id": "GSD-2020-17352",
      "modified": "2023-12-13T01:21:50.213804Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-17352",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://community.sophos.com/b/security-blog",
            "refsource": "MISC",
            "url": "https://community.sophos.com/b/security-blog"
          },
          {
            "name": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352",
            "refsource": "MISC",
            "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:17.5:maintenance_release9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sophos:xg_firewall_firmware:18.0:mr1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-17352"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352"
            },
            {
              "name": "https://community.sophos.com/b/security-blog",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://community.sophos.com/b/security-blog"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-12T14:58Z",
      "publishedDate": "2020-08-07T20:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-17352 (GCVE-0-2020-17352)

VAR-202008-0450

FKIE_CVE-2020-17352

CNVD-2020-47965

GHSA-6FG8-3M77-GWRP

GSD-2020-17352

Tags

Sightings

Nomenclature