This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: A critical SQL Injection (SQLi) flaw in the SMTP proxy.
**Consequences**: Attackers can achieve **Remote Code Execution (RCE)**. This is a severe breach allowing full system compromise.

Q2 Root Cause? (CWE/Flaw)
**Root Cause**: **CWE-89** (SQL Injection).
**Flaw**: The SMTP proxy fails to properly sanitize user input before it is used in SQL queries, allowing malicious payloads to execute.

Q3 Who is affected? (Versions/Components)
**Affected**: **Sophos Firewall**.
**Version**: All versions **prior to 21.0.2**. If you are running an older build, you are at risk.

Q4 What can hackers do? (Privileges/Data)
**Hacker Power**:
**Privileges**: Full system access via RCE.
**Data**: Complete confidentiality and integrity loss. The CVSS score indicates **High** impact on all security metrics.

**Public Exploit**: **No**.
**Status**: The `pocs` list is empty. No public Proof-of-Concept (PoC) or in-the-wild exploitation code is currently available.

Q7 How to self-check? (Features/Scanning)
**Self-Check**:
1. Check your Sophos Firewall version.
2. Verify whether it is **< 21.0.2**.
3. Scan for SMTP proxy configurations exposed to the network.

Q8 Is it fixed officially? (Patch/Mitigation)
**Official Fix**: **Yes**.
**Patch**: Upgrade to **Sophos Firewall version 21.0.2** or later.
**Ref**: See Sophos Security Advisory SA-20250721-SFOS-RCE.

Q9 What if no patch? (Workaround)
**No Patch Workaround**:
**Block SMTP**: Restrict access to the SMTP proxy service.
**WAF**: Use Web Application Firewalls to filter SQL injection patterns in SMTP traffic…