CVE-2024-12727
CVSS V2 None
CVSS V3 None
Description
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
Overview
- CVE ID
- CVE-2024-12727
- Assigner
- Sophos
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-19T20:26:59.325Z
- Last Modified Date
- 2024-12-19T20:33:19.807Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-12727 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12727 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-12-20 13:16:40 | Added to TrackCVE |