Published: 10/09/2013 Updated: 08/11/2016

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 730

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance prior to 3.7.9.1 and 3.8 prior to 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sophos web appliance 3.7.8.2
sophos web appliance 3.7.8
sophos web appliance 3.7.3
sophos web appliance 3.7.1
sophos web appliance 3.6.4.2
sophos web appliance 3.6.2.4.0
sophos web appliance 3.6.2.1
sophos web appliance 3.5.3
sophos web appliance 3.5.1.2
sophos web appliance 3.4.5
sophos web appliance 3.4.3.1
sophos web appliance 3.3.6.1
sophos web appliance 3.3.5.1
sophos web appliance 3.3.0
sophos web appliance 3.2.6
sophos web appliance 3.1.4
sophos web appliance 3.1.2
sophos web appliance 3.0.5
sophos web appliance 3.0.3
sophos web appliance 3.7.7
sophos web appliance 3.7.6
sophos web appliance 3.7.5
sophos web appliance 3.7.4
sophos web appliance 3.6.1.1
sophos web appliance 3.6.1
sophos web appliance 3.5.6
sophos web appliance 3.5.5
sophos web appliance 3.4.3
sophos web appliance 3.4.2
sophos web appliance 3.4.1
sophos web appliance 3.4.0
sophos web appliance 3.2.5
sophos web appliance 3.2.4
sophos web appliance 3.2.3
sophos web appliance 3.2.2.1
sophos web appliance 3.2.2
sophos web appliance 3.0.1.1
sophos web appliance 3.0.1
sophos web appliance 3.0.0
sophos web appliance 3.8.1
sophos web appliance 3.8.0
sophos web appliance 3.6.4.1
sophos web appliance 3.6.4
sophos web appliance 3.6.3
sophos web appliance 3.6.2.4.1
sophos web appliance 3.5.1.1
sophos web appliance 3.5.1
sophos web appliance 3.5.0
sophos web appliance 3.4.8
sophos web appliance 3.4.7
sophos web appliance 3.3.4
sophos web appliance 3.3.3.1
sophos web appliance 3.3.3
sophos web appliance 3.3.2
sophos web appliance 3.1.1
sophos web appliance 3.1.0.1
sophos web appliance 3.1.0
sophos web appliance 3.0.5.1
sophos web appliance
sophos web appliance 3.7.8.1
sophos web appliance 3.7.2
sophos web appliance 3.7.0
sophos web appliance 3.6.2.3
sophos web appliance 3.6.2
sophos web appliance 3.5.4
sophos web appliance 3.5.2
sophos web appliance 3.4.6
sophos web appliance 3.4.4
sophos web appliance 3.3.6
sophos web appliance 3.3.5
sophos web appliance 3.3.1
sophos web appliance 3.2.7
sophos web appliance 3.2.1
sophos web appliance 3.1.3
sophos web appliance 3.0.4
sophos web appliance 3.0.2

Core Security Technologies Advisory - Sophos Web Protection Appliance versions 379 and earlier, 381, and 380 suffer from multiple OS command injection vulnerabilities ...

Core Security - Corelabs Advisory corelabscoresecuritycom/ Sophos Web Protection Appliance Multiple Vulnerabilities 1 *Advisory Information* Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-0809 Advisory URL: wwwcoresecuritycom/advisories/sophos-web-protection-appliance-multiple-vulnerabi ...

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' require 'rex' require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/ ...

CWE-264 CWE-78 http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities http://www.sophos.com/en-us/support/knowledgebase/119773.aspx https://nvd.nist.gov https://packetstormsecurity.com/files/123131/Sophos-Web-Protection-Appliance-Command-Injection.html https://www.exploit-db.com/exploits/28175/

CVE-2013-4984

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect