This exploit demonstrates a path traversal vulnerability (CVE-2017-12854) in Sophos XG Firewall 16.05.4 MR-4, allowing authenticated users to download arbitrary files (e.g., /etc/passwd) via crafted requests. It also highlights a missing function-level access control, enabling low-privileged User Portal users to exploit the same vulnerability.
Classification
Working Poc 90%
Target:
Sophos XG Firewall 16.05.4 MR-4
Auth required
Prerequisites:
Authenticated access to Sophos XG Firewall (admin or User Portal) · CSRF token extraction