PatchSiren

CVE-2023-1671 Sophos CVE debrief

CVE-2023-1671 is a Sophos Web Appliance command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-11-16. Because it is listed in KEV, defenders should treat it as an active-risk issue and follow the vendor's mitigation guidance immediately, or discontinue use of the product if mitigations are not available.

Vendor: Sophos
Product: Web Appliance
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2023-11-16
Original CVE updated: 2023-11-16
Advisory published: 2023-11-16
Advisory updated: 2023-11-16

Who should care

Organizations that operate Sophos Web Appliance, especially security and infrastructure teams responsible for internet-facing appliances, vulnerability management, and incident response.

Technical summary

CISA's KEV entry identifies CVE-2023-1671 as a command injection vulnerability in Sophos Web Appliance and marks it as known exploited. The catalog entry directs affected users to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Defensive priority

High. CISA added this CVE to the Known Exploited Vulnerabilities catalog and set a remediation due date of 2023-12-07, indicating urgent defensive attention.

Recommended defensive actions

  • Confirm whether Sophos Web Appliance is deployed anywhere in the environment.
  • Review the Sophos security advisory referenced by CISA and apply the vendor's mitigation instructions as soon as possible.
  • If mitigations are unavailable or cannot be applied in a timely way, discontinue use of the product.
  • Prioritize remediation before the CISA KEV due date and track completion in vulnerability management.
  • Validate exposure in all internet-facing and high-value segments, then document the remediation status.

Evidence notes

Supported facts are limited to the CISA KEV source item and the linked official references. The source identifies Sophos as the vendor, Web Appliance as the product, the issue as a command injection vulnerability, the KEV dateAdded as 2023-11-16, the dueDate as 2023-12-07, and the required action as applying vendor mitigations or discontinuing use if mitigations are unavailable. No additional exploitation details or affected-version information are included in the supplied corpus.

Official resources

CISA listed CVE-2023-1671 in the Known Exploited Vulnerabilities catalog on 2023-11-16 and set a remediation due date of 2023-12-07.