Share
## https://sploitus.com/exploit?id=SAINT:4A73A5CD7FE341977E86117842CBB67D
Added: 08/27/2021  


### Background

[Sophos UTM](<https://www.sophos.com/en-us/products/unified-threat-management.aspx>) is a network security appliance. 

### Problem

A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. 

### Resolution

Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 or higher. 

### References

<https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223>  
<https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223>  


### Limitations

Exploit works on Sophos UTM v9.701 and possibly other versions. 

### Platforms

Linux