CVE-2024-12727: A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to...

9.8 CVSS

Description

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.

Classification

CVE ID: CVE-2024-12727

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: Sophos

Product: Sophos Firewall

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce

Timeline

2024-12-21 00:30:26 UTC
CVE

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to...