CVE-2024-13974
HIGHDescription
A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.
Is your site exposed to CVE-2024-13974?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| sophos | firewall_firmware |
| sophos | firewall |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-13974? +
How severe is CVE-2024-13974? +
What products are affected by CVE-2024-13974? +
How do I check if I'm vulnerable to CVE-2024-13974? +
Related Vulnerabilities
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve …
By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to …
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge …
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally …
Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. …
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.