A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.
2022-12-01T18:15:10.343
2025-04-24T20:15:24.440
Modified
CVSSv3.1: 7.2 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | sophos | xg_firewall_firmware | ≤ 19.0 | Yes |
| Hardware | sophos | xg_firewall | - | No |