Exploitation Summary
CVE-2020-15069 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 6, 2025.
Description
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-15069
Scores
CVSS v3
9.8
EPSS
0.8257
EPSS Percentile
99.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2025-02-06
VulnCheck KEV
2024-10-31
ENISA EUVD
EUVD-2020-7197
CWE
CWE-120
Status
published
Products (2)
sophos/xg_firewall_firmware
17.5 (12 CPE variants)
sophos/xg_firewall_firmware
17.0 - 17.5
Published
Jun 29, 2020
KEV Added
Feb 06, 2025
Tracked Since
Feb 18, 2026