CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023. About CVE-2023-1671 CVE-2023-1671 is a pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance that allows attackers to execute arbitrary code. Sophos Web Appliance is a web gateway appliance that functions as a web proxy and scans potentially harmful content for … More
The post Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) appeared first on Help Net Security.