Three vulnerabilities have been added by CISA to its list of known exploited vulnerabilities. Among these is a major vulnerability (CVE-2023-1671) in the Sophos Web Appliance, which the business corrected in April 2023. Pre-auth command injection vulnerability CVE-2023-1671 in Sophos Web Appliance’s warn-proceed handler lets attackers run arbitrary code.
The Sophos Web Appliance is a web gateway appliance that checks for several types of malware and serves as a web proxy for potentially hazardous content.Through the Sophos bug bounty program, an external security researcher discovered the vulnerability in early April. All appliance versions earlier than 220.127.116.11 were impacted.