CVE-2024-12727
Last modified
CVE-2024-12727 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.. EPSS estimates a 1.41% chance of exploitation in the next 30 days.
Description
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sophos | Firewall Firmware | < 21.0.1 |
References
- https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rcePatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-12727?
How severe is CVE-2024-12727?
How do I fix CVE-2024-12727?
Are you affected by CVE-2024-12727?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST