CVE-2024-13973

MEDIUM

Sophos Firewall Firmware < 21.0.1 - SQL Injection

Title source: rule

Description

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.

Scores

CVSS v3: 6.8
EPSS: 0.0009
EPSS Percentile: 25.5%
Attack Vector: ADJACENT_NETWORK
Vector string: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE: CWE-89
Status: published

Affected Products (1)

sophos/firewall_firmware < 21.0.1

Timeline

Published: Jul 21, 2025
Tracked Since: Feb 18, 2026