#VU70112 SQL injection in Sophos Firewall - CVE-2022-3710

Cybersecurity Help s.r.o.

Published: 2022-12-12

Vulnerability identifier: #VU70112

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3710

CWE-ID: CWE-89

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Sophos Firewall
Hardware solutions / Security hardware applicances

Vendor: Sophos

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the API clients. A remote user can send a specially crafted request to the affected application and read data in database.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Sophos Firewall: 19.0.0 - 19.0.2

External links
https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Sophos firewall