Exploit for Sophos Web Appliance - Remote Code Execution (CVE-2023-1671)

Description:

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

Nuclei Template

View the template here: CVE-2023-1671.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-1671.yaml

References:

https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce
http://packetstormsecurity.com/files/172016/Sophos-Web-Appliance-4.3.10.4-Command-Injection.html
https://nvd.nist.gov/vuln/detail/CVE-2023-1671
https://vulncheck.com/blog/cve-2023-1671-analysis
https://github.com/lions2012/Penetration_Testing_POC