vulnerability

Sophos Web Appliance: CVE-2023-1671: Improper Neutralization of Special Elements used in a Command

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Apr 4, 2023	May 1, 2025	May 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Apr 4, 2023

Added

May 1, 2025

Modified

May 2, 2025

Description

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

Solution

sophos-web-appliance-obsolete

References

CVE-2023-1671
https://attackerkb.com/topics/CVE-2023-1671
URL-https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce
URL-http://packetstormsecurity.com/files/172016/Sophos-Web-Appliance-4.3.10.4-Command-Injection.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today