CVE-2023-1671

Sophos Web Appliance Command Injection Vulnerability

Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. Vendor/Product: Sophos Web Appliance. Added to CISA KEV 2023-11-16; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2023-1671