CVE-2020-12271

ENISA EUVD: EUVD-2020-4584 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 3 articles

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

86.65%

probability

This CVE has a 86.65% probability of being exploited in the next 30 days.

0% Top 99.4th percentile of all CVEs 100%

CVSS v3.0

Source: NVD

10.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

Description

Project Zero

SQL injection in admin interface/user portal

Affected Products

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89 · SQL Injection CWE-943 · Improper Neutralization of Special Elements in Data Query Logic

Google Project Zero

Discovered

April 22, 2020

Patched

April 25, 2020

Reported by

???

Root Cause Analysis

???

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

TheHackerNews

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

TheHackerNews

US sanctions Chinese firm for hacking firewalls in ransomware attacks

BleepingComputer Dec 10, 2024

Signal Intelligence

Confidenceⓘ

92%

EPSS 86.65%

CVSS v3.0 10.0

Mentions 3

Last Seen Dec 10, 2024

CNA Information

Analyst Note

This critical SQL injection vulnerability (CVSS 10.0) in Sophos XG Firewall was actively exploited in the wild in April 2020 and documented in Google Project Zero, providing strong evidence of confirmation. The vulnerability affected widely-deployed firewall devices with unauthenticated exposure on WAN zones and enabled remote code execution with credential theft, making it a high-impact confirmed threat.

Triage Info

Decided atMar 03, 2026