Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance

This week, Sophos released security patches that patch up a number of flaws in the Sophos Web Appliance, including a serious hole that allowed for code execution. The Sophos Web Appliance is a web security solution that enables managers to specify web access policies by people or groups and enforce them as appropriate from a single interface.

The warning page handler of the appliance contained the critical flaw, tracked as CVE-2023-1671 (CVSS score of 9.8), which could be exploited without authentication. According to Sophos, the flaw “allows execution of arbitrary code through a pre-auth command injection vulnerability in the warn-proceed handler.”

Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance

07-Apr-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address