Sophos Xg Firewall Firmware
By the Year
In 2026 there have been 0 vulnerabilities in Sophos Xg Firewall Firmware. Xg Firewall Firmware did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 6 | 6.43 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 9.80 |
It may take a day or so for new Xg Firewall Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Sophos Xg Firewall Firmware Security Vulnerabilities
Post-auth Read-Only SQLi in Sophos Firewall <=19.5 GA's User Portal
CVE-2022-3711
4.3 - Medium
- December 01, 2022
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.
SQL Injection
Sophos Firewall <19.5 GA: Post-Auth Read-Only SQLi in API Controller
CVE-2022-3710
2.7 - Low
- December 01, 2022
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
SQL Injection
Sophos Firewall <19.5 GA: Wifi Controller Code Injection CVE-2022-3713
CVE-2022-3713
8.8 - High
- December 01, 2022
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.
Code Injection
Stored XSS in Sophos Firewall Webadmin (pre-19.5 GA): Admin to SuperAdmin
CVE-2022-3709
8.4 - High
- December 01, 2022
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.
XSS
CVE-2022-3696: Webadmin Code Injection in Sophos Firewall <19.5
CVE-2022-3696
7.2 - High
- December 01, 2022
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.
Code Injection
Sophos Firewall <19.5 OS Command Injection via SSL VPN Config Upload
CVE-2022-3226
7.2 - High
- December 01, 2022
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Shell injection
Sophos XG Firewall 17.x through v17.5 MR12
CVE-2020-15069
9.8 - Critical
- June 29, 2020
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
Classic Buffer Overflow