{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13974", "assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5", "state": "PUBLISHED", "assignerShortName": "Sophos", "dateReserved": "2025-07-14T09:51:15.265Z", "datePublished": "2025-07-21T13:34:11.656Z", "dateUpdated": "2025-07-21T15:00:59.445Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sophos Firewall", "vendor": "Sophos", "versions": [{"lessThan": "21.0 MR1 (21.0.1)", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "The UK's National Cyber Security Centre (NCSC)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall\u2019s DNS environment to achieve remote code execution.</p>"}], "value": "A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall\u2019s DNS environment to achieve remote code execution."}], "impacts": [{"capecId": "CAPEC-598", "descriptions": [{"lang": "en", "value": "CAPEC-598 DNS Spoofing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-807", "description": "CWE-807 Reliance on Untrusted Inputs in a Security Decision", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5", "shortName": "Sophos", "dateUpdated": "2025-07-21T13:36:16.384Z"}, "references": [{"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-21T15:00:43.012301Z", "id": "CVE-2024-13974", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T15:00:59.445Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-13974", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-21T15:00:43.012301Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T15:00:54.660Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "The UK's National Cyber Security Centre (NCSC)"}], "impacts": [{"capecId": "CAPEC-598", "descriptions": [{"lang": "en", "value": "CAPEC-598 DNS Spoofing"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sophos", "product": "Sophos Firewall", "versions": [{"status": "affected", "version": "0", "lessThan": "21.0 MR1 (21.0.1)", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall\u2019s DNS environment to achieve remote code execution.", "supportingMedia": [{"type": "text/html", "value": "<p>A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall\u2019s DNS environment to achieve remote code execution.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-807", "description": "CWE-807 Reliance on Untrusted Inputs in a Security Decision"}]}], "providerMetadata": {"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5", "shortName": "Sophos", "dateUpdated": "2025-07-21T13:36:16.384Z"}}}, "cveMetadata": {"cveId": "CVE-2024-13974", "state": "PUBLISHED", "dateUpdated": "2025-07-21T15:00:59.445Z", "dateReserved": "2025-07-14T09:51:15.265Z", "assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5", "datePublished": "2025-07-21T13:34:11.656Z", "assignerShortName": "Sophos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sophos:firewall_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F61096C-54B8-491E-963C-4461F0657EE8", "versionEndExcluding": "21.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sophos:firewall:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F728103-324C-4F34-9EE6-6E922018A2EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall\u2019s DNS environment to achieve remote code execution."}, {"lang": "es", "value": "Una vulnerabilidad de l\u00f3gica empresarial en el componente Up2Date de Sophos Firewall anterior a la versi\u00f3n 21.0 MR1 (20.0.1) puede llevar a que los atacantes controlen el entorno DNS del firewall para lograr la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2024-13974", "lastModified": "2025-11-17T16:25:08.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-21T14:15:29.173", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-807"}], "source": "[email protected]", "type": "Secondary"}]}

{}