Security Advisory

CVE-2024-12727

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-19 20:26:59

Last updated 2024-12-21 04:55:59

Assigner Sophos

State PUBLISHED

Description

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.

← Browse all CVEs View on cve.org ↗