🔴 CVE-2020-15069

Critical buffer overflow vulnerability in Sophos XG Firewall's HTTP/S Bookmarks feature that allows remote code execution without authentication. This vulnerability affects firewall appliances that are inherently internet-facing and is actively exploited in the wild.

Risk Level: HIGH_RISK

CVSS Score: 9.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: VERY_HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2020-06-29

Added to CISA KEV: 2025-02-06 (1683 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2020-15069 is a critical vulnerability affecting Sophos XG Firewall that allows for remote code execution (RCE) via a buffer overflow in the HTTP/S Bookmarks feature used for clientless access [1] [4].

Key Details

| Category | Information |
| --- | --- |
| Affected Versions | Sophos XG Firewall versions 17.x through v17.5 MR12 [1] |
| Exploitation | Confirmed to have been exploited in the wild [3] |
| Attack Vector | Remote (Network-based) [1] |
| Impact | Complete system compromise (Remote Code Execution) [2] |
| Mitigation | Hotfix HF062020.1 was released for all affected v17.x firewalls [1] |

Additional Context

  • Exploitation in the Wild: The vulnerability was actively exploited in the wild, leading to its inclusion in CISA’s Known Exploited Vulnerabilities (KEV) Catalog [1] [3].
  • Attack Method: The vulnerability is triggered through the HTTP/S Bookmarks feature, which is part of the firewall's clientless access functionality [1].
  • Access/Impact: Successful exploitation provides an attacker with the ability to execute arbitrary code on the firewall, effectively granting them complete control over the device [2].
  • Availability: The vulnerability is publicly disclosed, and information regarding its exploitability is widely available in security databases [2].

Sources

  1. CVE-2020-15069 Detail - NVD

    Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. ... CVE-2020-15069 Detail. Description. Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S B…

  2. CVE-2020-15069 - Sophos XG Firewall Buffer Overflow... | VulnWire

    Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature. Exploitability. Medium - Publicly disclosed. Impact. Complete system compromise possible. Additional Notes. https://community.sophos.com/b/security-blog/posts/advisory-…

  3. CVE-2020-15069 - Exploits & Severity - Feedly

    Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. ... CVEs. CVE-2020-15069. Proof of exploit: Exploited in the wild. Summary. A Buffer Overflow vulnerability exists in Sopho…

  4. CVE-2020-15069 | Critical Vulnerability in Sophos XG Firewall

    The affected product is the Sophos XG Firewall, specifically versions 17.x through v17.5 MR12. The vulnerability was published on June 29, 2020, and is ... Vulnerability Details The CVE-2020-15069 vulnerability allows for a buffer overflow and remote code execution via the HTTP/S Bookmarks feature f…