Wednesday , February 5 2025

Sophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code

infosecbulletin Wednesday , April 12 2023 International

Sophos has released a new security advisory that has fixed 3 of its significant vulnerabilities, allowing threat actors to execute arbitrary code injection on Sophos Web Appliance (SWA).

CVE(s):

CVE-2023-1671 – Pre-Auth Command Injection in Sophos Web Appliance

CVSS Score: 9.8 (Critical)

Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

By infosecbulletin / Wednesday , February 5 2025
Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants...
Read More
Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

By infosecbulletin / Wednesday , February 5 2025
Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8)...
Read More
Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability

By infosecbulletin / Tuesday , February 4 2025
Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow...
Read More
CVE-2025-21415 Microsoft Patches Critical Azure AI Face Service Vulnerability

Daily Security Update Dated:4.02.2025

By infosecbulletin / Tuesday , February 4 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated:4.02.2025

768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

By infosecbulletin / Tuesday , February 4 2025
In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in...
Read More
768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

.Gov Domains Weaponized in Phishing Surge

By infosecbulletin / Monday , February 3 2025
A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to...
Read More
.Gov Domains Weaponized in Phishing Surge

RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS

By infosecbulletin / Sunday , February 2 2025
The cybersecurity seminar "RedSentry presents: Hacked 101," organized by RedSentry with the University of Information Technology and Sciences (UITS) as...
Read More
RedSentry presents Hacked 101 Seminar Successfully Ended at UITS

US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

By infosecbulletin / Sunday , February 2 2025
Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total...
Read More
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

By infosecbulletin / Sunday , February 2 2025
This week, multiple research teams showcased jailbreaks for popular AI models, including OpenAI's ChatGPT, DeepSeek, and Alibaba's Qwen. After its...
Read More
ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

Paragon Attack WhatsApp With New Zero-Click Spyware

By infosecbulletin / Sunday , February 2 2025
WhatsApp reveiled on Friday that a "zero-click" spyware attack, linked to the Israeli company Paragon, has targeted many users globally,...
Read More
Paragon Attack WhatsApp With New Zero-Click Spyware

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This vulnerability exists on the warn-proceed handler, allowing threat actors to execute arbitrary code. An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

CVE-2022-4934 – Post-Auth Command Injection in Sophos Web Appliance

CVSS Score: 7.2 (High)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

This vulnerability exists on the exception wizard handler, allowing administrators to execute arbitrary code. An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

CVE-2020-36692 – Reflected XSS via POST method in Sophos Web Appliance

CVSS Score: 5.4 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

This vulnerability exists on the report scheduler, allowing threat actors to execute Javascript code on the victim’s browser. To exploit this vulnerability, a threat actor must trick a victim into submitting a malicious form on any compromised website.

In contrast, the victim is logged on to Sophos Web Appliance.  An external security researcher reported it through the Sophos Bug Bounty Program.

Vulnerable Products:

Sophos Web Appliance 4.3.10.4 and older versions

Recommendations:

  • Sophos has released patches to fix these vulnerabilities, which no longer need customer interaction since they are automatically updated.
  • Sophos has also requested to keep Sophos Web Appliance protected from exposing to the internet

Release Notes:

Work Order Description
NSWA-1689 Resolved an XSS vulnerability in the report scheduler (CVE-2020-36692).
NSWA-1756 Resolved a vulnerability in the exception wizard (CVE-2022-4934).
NSWA-1763 Resolved a vulnerability in the warning page handler (CVE-2023-1671).

 

Check Also

Malware Trends Review 2024: Ever Recorded Cyber Threats

Last year saw a significant rise in cyber threats, with malware becoming more advanced and …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin