Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023.

SECURITY

11/22/20231 min read

About CVE-2023-1671

CVE-2023-1671 is a pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance that allows attackers to execute arbitrary code.

More Information: https://www.helpnetsecurity.com/2023/11/20/cve-2023-1671/