Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11503

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.

Published

2020-06-18T16:15:13.043

Last Modified

2024-11-21T04:58:01.843

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	sophos	sfos	< 17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Operating System	sophos	sfos	17.5	Yes
Hardware	sophos	xg_firewall	-	No

References

https://community.sophos.com/b/security-blog/posts/advisory-potential-rce-through-heap-overflow-in-awarrensmtp-cve-2020-11503 Vendor Advisory ([email protected])
https://community.sophos.com/b/security-blog/posts/advisory-potential-rce-through-heap-overflow-in-awarrensmtp-cve-2020-11503 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)