CVE-2024-12727
Severity: CRITICAL
Sophos Firewall < 21.0.1 - Unauthenticated SQL Injection in Email Protection Feature
Title source: llmDescription
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
References (1)
Core References (1)
Patch, Vendor Advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
Scores
CVSS v3: 9.8
EPSS: 0.0312
EPSS Percentile: 87.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-89
Status: published
Products (1)
sophos/firewall_firmware: < 21.0.1
Published: Dec 19, 2024
Tracked Since: Feb 18, 2026