Details of VAR-202008-0450

ID

VAR-202008-0450

CVE

CVE-2020-17352

TITLE

Sophos XG Firewall In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-009221

DESCRIPTION

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. Sophos XG Firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos, UK. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands

Trust: 1.71

sources: NVD: CVE-2020-17352 // JVNDB: JVNDB-2020-009221 // VULHUB: VHN-170522

AFFECTED PRODUCTS

vendor:	sophos	model:	xg firewall	scope:	eq	version:	18.0	Trust: 1.0
vendor:	sophos	model:	xg firewall	scope:	eq	version:	17.5	Trust: 1.0
vendor:	ソフォス	model:	sophos xg firewall	scope:	eq	version:	-	Trust: 0.8
vendor:	ソフォス	model:	sophos xg firewall	scope:	lte	version:	sophos xg firewall firmware 2020/08/05	Trust: 0.8

sources: JVNDB: JVNDB-2020-009221 // NVD: CVE-2020-17352

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-17352
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-17352
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202008-303
value:	HIGH
Trust: 0.6
VULHUB:	VHN-170522
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-17352
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-170522
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-17352
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-17352
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-170522 // JVNDB: JVNDB-2020-009221 // CNNVD: CNNVD-202008-303 // NVD: CVE-2020-17352

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	OS Command injection (CWE-78) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-170522 // JVNDB: JVNDB-2020-009221 // NVD: CVE-2020-17352

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-303

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202008-303

PATCH

title:	Resolved authenticated RCE issues in User Portal (CVE-2020-17352)	url:	https://community.sophos.com/b/security-blog	Trust: 0.8
title:	Sophos XG Firewall Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126334	Trust: 0.6

sources: JVNDB: JVNDB-2020-009221 // CNNVD: CNNVD-202008-303

EXTERNAL IDS

db:	NVD	id:	CVE-2020-17352	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-009221	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-303	Trust: 0.7
db:	CNVD	id:	CNVD-2020-47965	Trust: 0.1
db:	VULHUB	id:	VHN-170522	Trust: 0.1

sources: VULHUB: VHN-170522 // JVNDB: JVNDB-2020-009221 // CNNVD: CNNVD-202008-303 // NVD: CVE-2020-17352

REFERENCES

url:	https://community.sophos.com/b/security-blog/posts/advisory-resolved-authenticated-rce-issues-in-user-portal-cve-2020-17352	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17352	Trust: 1.4
url:	https://community.sophos.com/b/security-blog	Trust: 1.1
url:	https://vigilance.fr/vulnerability/sophos-xg-firewall-code-execution-via-user-portal-33038	Trust: 0.6

sources: VULHUB: VHN-170522 // JVNDB: JVNDB-2020-009221 // CNNVD: CNNVD-202008-303 // NVD: CVE-2020-17352

SOURCES

db:	VULHUB	id:	VHN-170522
db:	JVNDB	id:	JVNDB-2020-009221
db:	CNNVD	id:	CNNVD-202008-303
db:	NVD	id:	CVE-2020-17352

LAST UPDATE DATE

2024-11-23T22:11:25.109000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-170522	date:	2020-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-009221	date:	2020-10-23T07:00:00
db:	CNNVD	id:	CNNVD-202008-303	date:	2020-08-13T00:00:00
db:	NVD	id:	CVE-2020-17352	date:	2024-11-21T05:07:55.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-170522	date:	2020-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-009221	date:	2020-10-23T00:00:00
db:	CNNVD	id:	CNNVD-202008-303	date:	2020-08-07T00:00:00
db:	NVD	id:	CVE-2020-17352	date:	2020-08-07T20:15:12.623