Sophos Web Appliance Vulnerabilities (#412)

* Compromised Microsoft Key advisory

* CISA Releases IDOR Vulnerability joint Advisory - 20230801001

* Sophos Web Appliance Vulnerabilities

* Update 20231117002-Sophos-Web-Appliance-Vulnerability.md

---------

Co-authored-by: Adon Metcalfe <[email protected]>

Author: thiagoai1

docs/advisories/20231117002-Sophos-Web-Appliance-Vulnerability.md

@@ -0,0 +1,33 @@
+# Sophos Web Appliance Command Injection Vulnerability - 20231117002
+
+## Overview
+
+A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
+
+## What is the vulnerability?
+
+[**CVE-2023-1671**](https://nvd.nist.gov/vuln/detail/CVE-2023-1671) - CVSS v3 Base Score: ***9.8***
+
+## What is vulnerable?
+
+ Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
+
+The vulnerability affects the following products:
+
+- Sophos Web Appliance Appliance older than version 4.3.10.4
+
+## What has been observed?
+
+There is evidence of active exploitation and the vulnerability was added to the [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) on **2023-11-16**.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Sophos Web Appliance 4.3.10.4 Resolves Security Vulnerabilities](https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce)
+
+## Additional References
+
+- [Sophos Web Appliance 4.3.10.4 Resolves Security Vulnerabilities](https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce)
+- [Sophos Web Appliance 4.3.10.4 Command Injection](https://packetstormsecurity.com/files/172016/Sophos-Web-Appliance-4.3.10.4-Command-Injection.html)
+