CVE-2024-13974

Summary

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.

Affected Software

VendorProductVersion RangeStatus
SophosSophos Firewall0 < 21.0 MR1 (21.0.1)affected

Weaknesses

  • CWE-807: CWE-807 Reliance on Untrusted Inputs in a Security Decision

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References