Sophos released security updates to address multiple vulnerabilities in Sophos Web Appliance, including a critical flaw that could result in code execution.
The Sophos Web Appliance is a web security solution that enables administrators to define web access policies by users or groups and enforce them as necessary from a single interface. The warning page handler of the appliance contained the critical flaw, tracked as CVE-2023-1671 (CVSS score of 9.8), which could be exploited without authentication.
According to Sophos, the flaw “allows execution of arbitrary code through a pre-auth command injection vulnerability in the warn-proceed handler.”
Read More: Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.