← Back

CVE-2020-15069

nvd nist
Published: Jun 29, 2020Modified: Jun 17, 2026CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.

Affected (13)

Sophos
1 product
Xg Firewall Firmware
Configuration A
13 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sophos
Xg Firewall Firmware
From 17.0 to 17.5
Xg Firewall Firmware
Version 17.5
Xg Firewall Firmware
Version 17.5 maintenance_release10
Xg Firewall Firmware
Version 17.5 maintenance_release11
Xg Firewall Firmware
Version 17.5 maintenance_release12
Xg Firewall Firmware
Version 17.5 maintenance_release1
Xg Firewall Firmware
Version 17.5 maintenance_release3
Xg Firewall Firmware
Version 17.5 maintenance_release4
Xg Firewall Firmware
Version 17.5 maintenance_release5
Xg Firewall Firmware
Version 17.5 maintenance_release6
Xg Firewall Firmware
Version 17.5 maintenance_release7
Xg Firewall Firmware
Version 17.5 maintenance_release8
Xg Firewall Firmware
Version 17.5 maintenance_release9
Running on/withPlatform Versions
Sophos
Xg Firewall
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (3)

Source: cve@mitre.org
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.