A vulnerability in the Web Application Firewall (WAF) component of the Sophos XG Firewall operating system (SFOS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user to follow a link that injects malicious script code into the WAF logs page of a targeted system. After the user visits the WAF logs page, the attacker could perform unauthorized actions in the webadmin security context and gain full root SSH shell access to the targeted system, which could result in a complete system compromise.
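The root cause described above is a logs page that places request attributes recorded by the WAF into HTML without encoding them. The following is an added illustration, not code from Sophos or from this advisory, of the vulnerable rendering pattern next to the hardened one: each logged field is entity-encoded for the HTML text context before it reaches the page, and a response-header policy limits what an injected script could do even if one slipped through. The log schema, field names, sample entries and header values are constructed for the example.

```python
import html
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple


@dataclass
class WafLogEntry:
    # Constructed record layout for a hypothetical WAF log viewer (not Sophos' schema).
    timestamp: str
    client_ip: str
    request_path: str   # taken verbatim from the client's request, so untrusted
    user_agent: str     # likewise untrusted
    action: str


# Constructed sample entries. The third one carries markup in the request path,
# which is exactly what a WAF will record if it logs the request line verbatim.
SAMPLE_ENTRIES: List[WafLogEntry] = [
    WafLogEntry("2020-01-01T10:00:00Z", "198.51.100.7", "/index.html", "Mozilla/5.0", "allow"),
    WafLogEntry("2020-01-01T10:00:01Z", "198.51.100.7", "/login", "Mozilla/5.0", "allow"),
    WafLogEntry("2020-01-01T10:00:02Z", "203.0.113.9",
                '/"><script>alert(1)</script>', "curl/7.68.0", "block"),
]


def render_row_unsafe(e: WafLogEntry) -> str:
    """Vulnerable pattern: logged fields are dropped straight into the HTML.

    Anything the client put in the request path or User-Agent becomes markup
    when an administrator opens the logs page (stored XSS).
    """
    return (f"<tr><td>{e.timestamp}</td><td>{e.client_ip}</td>"
            f"<td>{e.request_path}</td><td>{e.user_agent}</td><td>{e.action}</td></tr>")


def render_row_safe(e: WafLogEntry) -> str:
    """Hardened pattern: every field is HTML-entity-encoded for the text-node context.

    html.escape(quote=True) turns < > & " ' into entities, so the browser
    shows the logged request as text instead of parsing it as markup.
    """
    esc = lambda s: html.escape(s, quote=True)
    return (f"<tr><td>{esc(e.timestamp)}</td><td>{esc(e.client_ip)}</td>"
            f"<td>{esc(e.request_path)}</td><td>{esc(e.user_agent)}</td>"
            f"<td>{esc(e.action)}</td></tr>")


def render_log_page(entries: Iterable[WafLogEntry], safe: bool = True) -> str:
    """Build the logs table using either the vulnerable or the hardened row renderer."""
    row: Callable[[WafLogEntry], str] = render_row_safe if safe else render_row_unsafe
    rows = "".join(row(e) for e in entries)
    return f"<table><tr><th>Time</th><th>Client</th><th>Path</th><th>Agent</th><th>Action</th></tr>{rows}</table>"


def security_headers() -> List[Tuple[str, str]]:
    """Defence in depth for the admin UI: a constructed CSP that forbids inline script,
    so even an encoding mistake elsewhere cannot execute attacker-supplied JavaScript."""
    return [
        ("Content-Security-Policy",
         "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"),
        ("X-Content-Type-Options", "nosniff"),
    ]


def contains_raw_script_tag(document: str) -> bool:
    """Detection helper for a review or unit test: does rendered output still carry a live <script tag?"""
    return "<script" in document.lower()


if __name__ == "__main__":
    for mode in (False, True):
        page = render_log_page(SAMPLE_ENTRIES, safe=mode)
        print(f"safe={mode}: live script tag present -> {contains_raw_script_tag(page)}")
```

The unit-test style check at the end is the one worth keeping in a real code base: render the page with a known hostile log record and assert that no unencoded tag survives, so a regression in the template layer is caught before it reaches an administrator's browser.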
Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.
Sophos has confirmed the vulnerability and released software updates.
To exploit this vulnerability, the attacker may use misleading language or instructions to persuade a user to access a link that submits malicious input to the affected software.
Beyond the XSS attack itself, a successful exploit of this vulnerability could also give the attacker full root SSH shell access to the targeted system.
This vulnerability does not affect systems that have the WAF component disabled.