Sophos — community ground truth
2 notable / known-exploited Sophos CVEs the community has triaged.
Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Sophos CVE, see NVD.
- CVE-2023-1671 | CVSS 9.8 | KEV | EPSS 100%
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
- CVE-2022-1040 | CVSS 9.8 | KEV | EPSS 100%
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.