These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2020-29574 is a SQL injection vulnerability in Sophos CyberoamOS (CROS). CISA added it to the Known Exploited Vulnerabilities catalog on 2025-02-06 and states the impacted product is end-of-life/end-of-service, so any remaining use should be treated as a high-priority retirement or migration issue.
CVE-2020-15069 is a Sophos XG Firewall buffer overflow vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-02-06. Because it is in KEV, defenders should treat it as actively exploited and prioritize remediation using Sophos guidance or stop using the product if mitigations are not available.
CVE-2023-1671 is a Sophos Web Appliance command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-11-16. Because it is listed in KEV, defenders should treat it as an active-risk issue and follow the vendor's mitigation guidance immediately, or discontinue use of the product if mitigations are not available.
CVE-2022-3236 is a code injection vulnerability affecting Sophos Firewall. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-09-23, which means defenders should treat it as an actively targeted issue and prioritize vendor-guided remediation.
CVE-2022-1040 is an authentication bypass vulnerability in Sophos Firewall that CISA added to its Known Exploited Vulnerabilities catalog on 2022-03-31. Because it is confirmed exploited, organizations using Sophos Firewall should treat remediation as urgent and follow the vendor’s update instructions without delay.
CVE-2020-25223 is a remote code execution vulnerability affecting Sophos SG UTM. CISA lists it in the Known Exploited Vulnerabilities catalog, which means it has been observed as actively exploited. The available corpus does not provide root-cause or version-range details, so the safest response is to follow Sophos vendor guidance and apply updates without delay.
CVE-2020-12271 is a Sophos SFOS SQL injection vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. Because it is in KEV and marked with known ransomware campaign use, defenders should treat it as a high-priority remediation item and apply Sophos updates per vendor instructions.
CVE-2016-9554 describes a remote command injection in Sophos Web Appliance 4.2.1.3’s web administrative interface. The issue is in MgrDiagnosticTools.php, where the url parameter is passed to executeCommand/exec() without proper escaping, and the vulnerable page is reached through the configuration section. Successful abuse can yield shell access as the spiderman user.
CVE-2016-9553 affects Sophos Web Appliance 4.2.1.3 and involves two remote command injection issues in the web administrative interface. The vulnerable MgrReport.php controller mishandles the blockip and unblockip inputs before shell execution, creating a path for injected system commands. Sophos tracks the issue as NSWA-1258.