KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2023-1671

PUBLISHED

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of...

Exploited in the wild Remote Low complexity No user interaction
Vendor
Sophos
Product
Sophos Web Appliance
Published
Apr 04, 2023
EPSS

Description

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

cisa nuclei_scanner

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2023-11-16 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Nov 16, 2023

Scanner integrations

Scanner Reference Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-1671.yaml Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

W01fh4cker/CVE-2023-1671-POC

github · Created 2023-04-24 15:53:42 UTC · 17 stars

CVE-2023-1671-POC, based on dnslog platform

ohnonoyesyes/CVE-2023-1671

github · Created 2023-04-23 02:58:17 UTC · 5 stars

Pre-Auth RCE in Sophos Web Appliance

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nuclei