Sophos

Bounty Recognition | Full Safe Harbor | Up to USD $80,000

Program Details

Managed
Yes
Allows Disclosure
Yes

Scope (18 targets)

web: 3, mobile: 2, other: 13

In Scope

  • Intercept X Endpoint (Windows) - Zero-click RCE [other, bounty-eligible]
  • Sophos Central (Production) - Special Target [web, bounty-eligible]
  • Sophos Firewall (XG/XGS, SFOS) - Pre-auth RCE [other, bounty-eligible]
  • Sophos Central (Production) [web, bounty-eligible]
  • Sophos Firewall (XG/XGS, SFOS) [other, bounty-eligible]
  • Intercept X Endpoint (Windows) [other, bounty-eligible]
  • Intercept X Endpoint (MacOS) [other, bounty-eligible]
  • Intercept X Endpoint (Linux) [other, bounty-eligible]
  • Intercept X Mobile (iOS) [mobile, bounty-eligible]
  • Intercept X Mobile (Android) [mobile, bounty-eligible]
  • Sophos NDR Appliances (NDR, Investigation Console) [other, bounty-eligible]
  • Other Sophos Appliances (RED, Switch, Access Points, ...) [other, bounty-eligible]
  • Sophos-owned IT infrastructure (*.sophos.com) [other, bounty-eligible]
  • SOPHOS/Secureworks : Taegis [other, bounty-eligible]
  • SOPHOS/Secureworks : Redcloak [other, bounty-eligible]
  • 3rd party services hosted at *.sophos.com [web, bounty-eligible]
  • Sophos IT Infrastructure (all other Sophos domains) [other, bounty-eligible]
  • Any Other Sophos Product or Service [other, bounty-eligible]

Out of Scope

  • community.sophos.com
  • Any Cyberoam Product or Service
  • sophos.atlassian.net (Public service desk)
  • SPF/DKIM/DMARC issues
  • Sophos Firewall (Early Access Program (EAP) versions)

Known Exploited Vulnerabilities (7 CVEs)

1 linked to ransomware campaigns

  • CVE-2020-15069 | XG Firewall | Feb 6, 2025 | 10.7% EPSS

    Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.

  • CVE-2020-29574 | CyberoamOS | Feb 6, 2025 | 4.7% EPSS

    CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

  • CVE-2023-1671 | Web Appliance | Nov 16, 2023 | 100.0% EPSS

    Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

  • CVE-2022-3236 | Firewall | Sep 23, 2022 | 98.9% EPSS

    A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.

  • CVE-2022-1040 | Firewall | Mar 31, 2022 | 99.8% EPSS

    An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

  • CVE-2020-25223 | SG UTM | Mar 25, 2022 | 96.7% EPSS

    A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

  • CVE-2020-12271 | SFOS | Nov 3, 2021 | 43.1% EPSS

    Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability that is reachable when either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may lead to remote code execution and exfiltration of usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

Additional Info

Sources
bugcrowd