⚠ Actively exploited
Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions..

CVE-2020-25223OS Command Injection in Sophos Unified Threat Management

CWE-78OS Command InjectionCWE-94Code Injection6 documents6 sources
Severity
9.8CRITICALNVD
EPSS
94.2%
top 0.07%
CISA KEV
KEV
Added 2022-03-25
Due 2022-04-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Sophos Unified Threat Management
Timeline
PublishedSep 25
KEV addedMar 25
KEV dueApr 15
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDsophos/unified_threat_management9.6009.607+5

🔴Vulnerability Details

3
GHSA
GHSA-pwxx-2hrw-72w5: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v92022-05-24
CVEList
CVE-2020-25223: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v92020-09-25
VulnCheck
Sophos SG UTM Remote Code Execution Vulnerability2020

💥Exploits & PoCs

1
Nuclei
Sophos UTM Preauth - Remote Code Execution

📋Vendor Advisories

1
CISA
Sophos SG UTM Remote Code Execution Vulnerability2022-03-25
CVE-2020-25223 — OS Command Injection in Sophos | cvebase