CVE-2024-13974
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sophos | Sophos Firewall | 0 < 21.0 MR1 (21.0.1) | affected |
Weaknesses
- CWE-807: CWE-807 Reliance on Untrusted Inputs in a Security Decision
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.