What is the severity of CVE-2023-1671?

CVE-2023-1671 has a severity rating of CRITICAL with a CVSS base score of 9.8.

Is CVE-2023-1671 in CISA KEV?

Yes. CVE-2023-1671 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2023-1671 | Critical Vulnerability in Sophos Web Appliance

CVE-2023-1671 is a critical pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance, affecting versions prior to 4.3.10.4. This vulnerability allows execution of arbitrary code, which poses significant risks to organizations using affected systems. The CVSS score for this vulnerability is 9.8, indicating a critical severity level due to its potential impact on confidentiality, integrity, and availability.

Risk to organizations includes unauthorized access and control over sensitive data, leading to potential data breaches and significant operational disruptions. Given the high CVSS score and the nature of the vulnerability, organizations should prioritize patching immediately to mitigate the risk of exploitation.

As of now, there is confirmed public proof of concept information available, and the vulnerability has been noted in the Known Exploited Vulnerabilities (KEV) database, indicating that it is actively being exploited in the wild. Therefore, organizations should take immediate action to protect their environments.

Organizations must address this vulnerability in their priority patch cycle, as the potential consequences of exploitation can be severe.

Vulnerability Details

The official description of CVE-2023-1671 states that it is a pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance versions older than 4.3.10.4. The vulnerability is classified under CWE-77 (Command Injection). The CVSS score is 9.8, indicating a critical severity level, due to its high impact on confidentiality, integrity, and availability.

The vulnerability was published on April 4, 2023. Organizations should note that this vulnerability affects all versions prior to the vendor's patch, ensuring they are aware of their current system status.

Technical Analysis

The root cause of CVE-2023-1671 stems from improper validation of user input in the warn-proceed handler, which can lead to command injection vulnerabilities. The attack vector is network-based, allowing attackers to exploit this vulnerability remotely without needing physical access to the device. The attack complexity is low, requiring no special privileges or user interaction, which makes it particularly dangerous.

The impact on confidentiality, integrity, and availability is high, as successful exploitation could allow unauthorized access and control over the affected systems.

Risk & Impact Analysis

The real-world risk associated with CVE-2023-1671 is significant, as the vulnerability allows attackers to execute arbitrary code remotely. This can lead to unauthorized access to sensitive data and control over the web appliance, resulting in potential data breaches and operational disruptions.

The blast radius could be extensive, affecting any organization using vulnerable versions of the Sophos Web Appliance. As the CVE has been marked as actively exploited in the wild, the urgency for remediation is critical. Organizations should prioritize patching their devices and implementing additional security measures as soon as possible.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

All versions of Sophos Web Appliance prior to version 4.3.10.4 are affected by this vulnerability. Organizations should ensure that their systems are updated to the latest version to mitigate risks.

Mitigation & Remediation

To remediate CVE-2023-1671, organizations should apply the patch provided by Sophos for the Web Appliance. The vendor's advisory details the necessary steps for applying the update. If a patch is unavailable, organizations should consider alternative measures such as disabling the affected functionalities until an update can be applied.

For additional guidance, organizations may refer to the vendor's advisory on penetration testing to validate their security posture.

Detection Guidance

Organizations should monitor for unusual log entries that may indicate attempts to exploit this vulnerability. Behavioral anomalies in system performance or unexpected system changes should be flagged for further investigation.

AppSecure Threat Intelligence Insight

CVE-2023-1671 serves as a critical reminder of the necessity of regular security assessments. Organizations are encouraged to adopt a proactive approach to vulnerability management through vulnerability management programs and engage in penetration testing to identify and address vulnerabilities before they can be exploited.

As the landscape of cyber threats continues to evolve, staying informed and prepared is essential for maintaining robust security postures.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-1671: Critical Vulnerability in Sophos Web Appliance