CVE-2022-3226
HIGH
Sophos Firewall <19.5 GA - Command Injection
Title source: llm
Description
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Scores
CVSS v3
7.2
EPSS
0.0046
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-78
Status
published
Affected Products (1)
sophos/xg_firewall_firmware
< 19.0
Timeline
Published
Dec 01, 2022
Tracked Since
Feb 18, 2026