Obsidian Tech Wiki

Search

SearchSearch

CVE-2020-12271

Nov 04, 2023, 2 min read

Educational use only

This wiki page is intended for educational purposes only. The information provided within this content is meant to enhance understanding, knowledge, and skills related to the subjects discussed. It is not intended to be used for any commercial, industrial, or professional application without appropriate consultation and verification from relevant experts or authorities.

The content presented herein should be utilised responsibly and ethically in accordance with educational guidelines, institutions, or programs. Any action taken based on the information found in this wiki should be done with a critical and discerning mindset, considering the specific context and guidelines of educational institutions.

In no way does this information replace professional advice, guidance, or expertise. Individuals using this information are encouraged to seek qualified professionals or experts for tailored guidance related to their specific needs, projects, or applications.

The creators and contributors of this wiki disclaim any liability for any misuse, misinterpretation, or consequences arising from the use of the information beyond its intended educational scope.

CVE Details:

Affected Versions

SFOS 17.0, 17.1, 17.5, and 18.0

What Does it Do?

Pre-Authentication SQL Injection

  • can allow exfiltration of XG firewall-resident data, which can contain local user credentials

Pasted image 20210502180238.png

(source: https://www.tenable.com/blog/cve-2020-12271-zero-day-sql-injection-vulnerability-in-sophos-xg-firewall-exploited-in-the-wild)

Exploit

Known to be exploited in the wild, but no PoC has been released

References

Graph View

Backlinks

  • No backlinks found