Sophos UTM Webadmin remote command execution

Added: 08/27/2021

Background

Sophos UTM is a network security appliance.

Problem

A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request.

Resolution

Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 or higher.

References

https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223
https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223

Limitations

Exploit works on Sophos UTM v9.701 and possibly other versions.

Platforms

Linux
