How severe is CVE-2024-13974?

CVE-2024-13974 has a CVSS v3 score of 8.1 (HIGH).

CVE-2024-13974

Name: firewall
Author: sophos

8.1HIGH

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code

Опубликовано: 7/21/2025Обновлено: 11/17/2025

Описание

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.

ИИ-АнализНа базе ИИ

Затронутые продукты

sophosfirewall_firmware

sophosfirewall

Ссылки

https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
Vendor Advisory