CVE-2023-1671

CRITICAL KEV NUCLEI

Sophos Web Appliance <4.3.10.4 - Command Injection

Title source: llm

Description

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

Exploits (5)

nomisec WORKING POC 17 stars
by W01fh4cker · remote
https://github.com/W01fh4cker/CVE-2023-1671-POC
nomisec WORKING POC 5 stars
by ohnonoyesyes · remote
https://github.com/ohnonoyesyes/CVE-2023-1671
nomisec WORKING POC
by csffs · remote
https://github.com/csffs/cve-2023-1671
exploitdb WORKING POC
by Behnam Abasi Vanda · bash · webapps · php
https://www.exploit-db.com/exploits/51396
vulncheck_xdb WORKING POC
remote
https://github.com/behnamvanda/CVE-2023-1671

Nuclei Templates (1)

Sophos Web Appliance - Remote Code Execution
CRITICAL VERIFIED by Co5mos
Shodan: title:"Sophos Web Appliance" || http.title:"sophos web appliance" || http.favicon.hash:-893681401
FOFA: title="Sophos Web Appliance" || title="sophos web appliance" || icon_hash=-893681401

Scores

CVSS v3 9.8
EPSS 0.9430
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2023-11-16
VulnCheck KEV 2023-11-16
InTheWild.io 2023-11-16
ENISA EUVD EUVD-2023-23899

Classification

CWE
CWE-77
Status published

Affected Products (1)

sophos/web_appliance < 4.3.10.4

Timeline

Published Apr 04, 2023
KEV Added Nov 16, 2023
Tracked Since Feb 18, 2026