CVE-2022-4934

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SophosCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
sophosweb_appliance
𝑥
< 4.3.10.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce