Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) | allinfosecnews.com

Nov. 20, 2023, 11:43 a.m. | Helga Labus

Help Net Security www.helpnetsecurity.com

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023. About CVE-2023-1671 CVE-2023-1671 is a pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance that allows attackers to execute arbitrary code. Sophos Web Appliance is a web gateway appliance that functions as a web proxy and scans potentially harmful content for … More →

The post …

april attackers auth catalog cisa command command injection critical critical vulnerability cve don't miss enterprise exploit exploited exploited vulnerabilities hot stuff injection known exploited known exploited vulnerabilities known exploited vulnerabilities catalog poc sophos sophos web appliance the company vulnerabilities vulnerability vulnerability exploited web

More from www.helpnetsecurity.com / Help Net Security

Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics … 2 hours ago | www.helpnetsecurity.com

access anti-ransomware articles attackers +24

Snowflake denies breach, blames data theft on poorly secured customer accounts 14 hours ago | www.helpnetsecurity.com

accounts actor aware breach +26

Snowflake compromised? Attackers exploit stolen credentials 1 day, 15 hours ago | www.helpnetsecurity.com

accounts analytics attackers claims +26

25,000 individuals affected in BBC Pension Scheme data breach 1 day, 21 hours ago | www.helpnetsecurity.com

bbc breach current data +20

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) 1 day, 23 hours ago | www.helpnetsecurity.com

0 day accounts april attackers +31

apexanalytix Cyber Risk provides instant alerts for supplier data breaches 2 days, 1 hour ago | www.helpnetsecurity.com

account alerts apexanalytix breaches +24

Lack of skills and budget slow zero-trust implementation 2 days, 6 hours ago | www.helpnetsecurity.com

amp breach budget cyber +24

Encrypted Notepad: Open-source text editor 2 days, 7 hours ago | www.helpnetsecurity.com

ads aes app connection +19

New infosec products of the week: May 31, 2024 2 days, 7 hours ago | www.helpnetsecurity.com

adaptive shield capabilities dashlane detectify +21

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com