CVE-2020-12271 · CISA KEV · EPSS p98.6%

CVE-2020-12271: Sophos SFOS SQL Injection Vulnerability

Sophos / SFOS

Description

Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability that is reachable when either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may allow remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

Scoring

EPSS: 43.06% probability of exploitation · percentile 98.6% · 2026-06-21T12:00:28Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Sophos SFOS SQL Injection Vulnerability (kev-cve-2020-12271) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Sophos Firewall Code Injection Vulnerability
CVE: Sophos Firewall Authentication Bypass Vulnerability
CVE: SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
CVE: SonicWall SSLVPN SMA100 SQL Injection Vulnerability
CVE: SonicWall SMA100 SQL Injection Vulnerability
CVE: Sophos Web Appliance Command Injection Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.