CVE-2020-12271 CRITICAL

Vendor: N/A
Product: n/a
KEV Status: Known Exploited
Ransomware: Used in campaigns
Published: April 27, 2020
Last update: October 21, 2025

CVSS base score

10.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

What the vulnerability does

01 Description

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

CISA-mandated remediation

02 CISA Required Action

Apply updates per vendor instructions.

Key dates

03 Disclosure timeline

April 27, 2020 CVE published
October 21, 2025 Record updated