COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Sophos vendor

7
failure events
0
zero-days
7
RCEs
7
on KEV
1
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 7 events

DateEventSevFlagsShameSummary
2021-11-03 CVE-2020-12271 critical ⚡RCE ⌖KEV 95 Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames an
2025-02-06 CVE-2020-29574 high ⚡RCE ⌖KEV 65 CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.
2025-02-06 CVE-2020-15069 high ⚡RCE ⌖KEV 65 Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.
2023-11-16 CVE-2023-1671 high ⚡RCE ⌖KEV 65 Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
2022-09-23 CVE-2022-3236 high ⚡RCE ⌖KEV 65 A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
2022-03-31 CVE-2022-1040 high ⚡RCE ⌖KEV 65 An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
2022-03-25 CVE-2020-25223 high ⚡RCE ⌖KEV 65 A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.