Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-18014

EPSS 0.18% · P39
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-18014

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sophos XG Firewall SFOS Logging子系统跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sophos XG Firewall是英国Sophos公司的一款防火墙设备。SFOS是运行在其中的一套操作系统。Logging subsystem是其中的一个日志子系统。 Sophos XG Firewall中的SFOS 17.0.3 MR3之前版本中的Logging子系统的webadmin界面的WAF日志页面存在跨站脚本漏洞。远程攻击者可利用该漏洞执行操作(例如:创建新用户、打开SSH或添加SSH授权的密钥)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-18014

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-18014

登录查看更多情报信息。

Same Patch Batch · n/a · 2018-01-12 · 62 CVEs total

CVE-2018-5361WordPress WPGlobus插件跨站请求伪造漏洞
CVE-2018-5377Discuz! DiscuzX 安全漏洞
CVE-2018-5326Cheetah Mobile CM Browser 安全漏洞
CVE-2017-16736Advantech WebAccess 安全漏洞
CVE-2017-16732Advantech WebAccess 资源管理错误漏洞
CVE-2018-5366WordPress WPGlobus插件跨站脚本漏洞
CVE-2018-5365WordPress WPGlobus插件跨站脚本漏洞
CVE-2018-5364WordPress WPGlobus插件跨站脚本漏洞
CVE-2018-5363WordPress WPGlobus插件跨站脚本漏洞
CVE-2018-5362WordPress WPGlobus插件跨站脚本漏洞
CVE-2018-5367WordPress WPGlobus插件跨站脚本漏洞
CVE-2018-5358ImageMagick Studio ImageMagick 资源管理错误漏洞
CVE-2018-5357ImageMagick 信息泄露漏洞
CVE-2018-5344Linux kernel 资源管理错误漏洞
CVE-2018-5371D-Link DSL-2640U和DSL-2540U 安全漏洞
CVE-2018-5315WordPress Wachipi WP Events Calendar插件SQL注入漏洞
CVE-2018-5262Flexense DiskBoss 缓冲区错误漏洞
CVE-2017-17970Muviko SQL注入漏洞
CVE-2017-16887FiberHome Mobile WIFI Device LM53Q1 安全漏洞
CVE-2017-16886FiberHome Mobile WIFI Device LM53Q1 安全漏洞

Showing top 20 of 62 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-18014

No comments yet

Leave a comment