CVE-2020-12271 is a vulnerability in Sophos Sfos
Published on April 27, 2020
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).
Known Exploited Vulnerability
This Sophos XG Firewall SQL Injection Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The SQL injection issue affects devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone.
The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2020-12271 has been classified as a SQL Injection vulnerability or weakness.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.