Details of VAR-202007-0916

ID

VAR-202007-0916

CVE

CVE-2020-15504

TITLE

Sophos XG Firewall In SQL Injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-007668

DESCRIPTION

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. (DoS) It may be put into a state. Sophos XG Firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos, UK. A remote attacker could exploit this vulnerability to execute arbitrary code

Trust: 1.71

sources: NVD: CVE-2020-15504 // JVNDB: JVNDB-2020-007668 // VULHUB: VHN-168489

AFFECTED PRODUCTS

vendor:	sophos	model:	xg firewall	scope:	eq	version:	17.5	Trust: 1.0
vendor:	sophos	model:	xg firewall	scope:	gte	version:	17.0	Trust: 1.0
vendor:	sophos	model:	xg firewall	scope:	lte	version:	17.5	Trust: 1.0
vendor:	sophos	model:	xg firewall	scope:	eq	version:	18.0	Trust: 1.0
vendor:	sophos	model:	xg firewall	scope:	eq	version:	18.0 mr1	Trust: 0.8

sources: JVNDB: JVNDB-2020-007668 // NVD: CVE-2020-15504

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15504
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-007668
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202007-519
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-168489
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-15504
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-007668
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-168489
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-15504
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-007668
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-168489 // JVNDB: JVNDB-2020-007668 // CNNVD: CNNVD-202007-519 // NVD: CVE-2020-15504

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-168489 // JVNDB: JVNDB-2020-007668 // NVD: CVE-2020-15504

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-519

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-519

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007668

PATCH

title:	Advisory: Resolved RCE via SQLi (CVE-2020-15504)	url:	https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504	Trust: 0.8
title:	Sophos XG Firewall SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124093	Trust: 0.6

sources: JVNDB: JVNDB-2020-007668 // CNNVD: CNNVD-202007-519

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15504	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-007668	Trust: 0.8
db:	CNNVD	id:	CNNVD-202007-519	Trust: 0.7
db:	NSFOCUS	id:	48027	Trust: 0.6
db:	CNVD	id:	CNVD-2020-49516	Trust: 0.1
db:	VULHUB	id:	VHN-168489	Trust: 0.1

sources: VULHUB: VHN-168489 // JVNDB: JVNDB-2020-007668 // CNNVD: CNNVD-202007-519 // NVD: CVE-2020-15504

REFERENCES

url:	https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15504	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15504	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/48027	Trust: 0.6
url:	https://vigilance.fr/vulnerability/sophos-xg-firewall-sql-injection-via-email-quarantine-32790	Trust: 0.6

sources: VULHUB: VHN-168489 // JVNDB: JVNDB-2020-007668 // CNNVD: CNNVD-202007-519 // NVD: CVE-2020-15504

SOURCES

db:	VULHUB	id:	VHN-168489
db:	JVNDB	id:	JVNDB-2020-007668
db:	CNNVD	id:	CNNVD-202007-519
db:	NVD	id:	CVE-2020-15504

LAST UPDATE DATE

2024-11-23T22:11:26.211000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-168489	date:	2020-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-007668	date:	2020-08-20T00:00:00
db:	CNNVD	id:	CNNVD-202007-519	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2020-15504	date:	2024-11-21T05:05:39.360

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-168489	date:	2020-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-007668	date:	2020-08-20T00:00:00
db:	CNNVD	id:	CNNVD-202007-519	date:	2020-07-10T00:00:00
db:	NVD	id:	CVE-2020-15504	date:	2020-07-10T17:15:10.817