Buffer Overflow and Remote Code Execution in Sophos XG Firewall 17.x through v17.5 MR12 via HTTP/S Bookmarks

Buffer Overflow and Remote Code Execution in Sophos XG Firewall 17.x through v17.5 MR12 via HTTP/S Bookmarks

CVE-2020-15069 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.

Learn more about our Web Application Penetration Testing UK.