CVE-2014-2849

Published: 11/04/2014 Updated: 14/04/2014
CVSS v2 Base Score: 8.5 | Impact Score: 9.2 | Exploitability Score: 8
VMScore: 855
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Vulnerability Summary

The Change Password dialog box (change_password) in Sophos Web Appliance prior to 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

Vulnerable Product

sophos web_appliance_firmware 3.7.5

sophos web_appliance_firmware 3.7.4

sophos web_appliance_firmware 3.7.3

sophos web_appliance_firmware 3.7.2

sophos web_appliance_firmware 3.5.6

sophos web_appliance_firmware 3.5.5

sophos web_appliance_firmware 3.5.4

sophos web_appliance_firmware 3.5.3

sophos web_appliance_firmware 3.4.1

sophos web_appliance_firmware 3.4.0

sophos web_appliance_firmware 3.3.6.1

sophos web_appliance_firmware 3.3.6

sophos web_appliance_firmware 3.2.3

sophos web_appliance_firmware 3.2.2.1

sophos web_appliance_firmware 3.2.2

sophos web_appliance_firmware 3.2.1

sophos web_appliance_firmware 3.1.4

sophos web_appliance_firmware 3.0.0

sophos web_appliance_firmware 3.8.0

sophos web_appliance_firmware 3.7.9.1

sophos web_appliance_firmware 3.7.9

sophos web_appliance_firmware 3.7.8.2

sophos web_appliance_firmware 3.6.3

sophos web_appliance_firmware 3.6.2.4.1

sophos web_appliance_firmware 3.6.2.4.0

sophos web_appliance_firmware 3.6.2.3

sophos web_appliance_firmware 3.5.0

sophos web_appliance_firmware 3.4.8

sophos web_appliance_firmware 3.4.7

sophos web_appliance_firmware 3.4.6

sophos web_appliance_firmware 3.4.5

sophos web_appliance_firmware 3.3.3

sophos web_appliance_firmware 3.3.2

sophos web_appliance_firmware 3.3.1

sophos web_appliance_firmware 3.3.0

sophos web_appliance_firmware 3.1.0

sophos web_appliance_firmware 3.0.5.1

sophos web_appliance_firmware 3.0.5

sophos web_appliance_firmware 3.0.4

sophos web_appliance_firmware

sophos web_appliance_firmware 3.7.8

sophos web_appliance_firmware 3.7.6

sophos web_appliance_firmware 3.7.1

sophos web_appliance_firmware 3.6.4.2

sophos web_appliance_firmware 3.6.4

sophos web_appliance_firmware 3.6.2.1

sophos web_appliance_firmware 3.6.1.1

sophos web_appliance_firmware 3.5.1.2

sophos web_appliance_firmware 3.5.1

sophos web_appliance_firmware 3.4.3.1

sophos web_appliance_firmware 3.4.2

sophos web_appliance_firmware 3.3.5.1

sophos web_appliance_firmware 3.3.4

sophos web_appliance_firmware 3.2.6

sophos web_appliance_firmware 3.2.4

sophos web_appliance_firmware 3.1.2

sophos web_appliance_firmware 3.1.0.1

sophos web_appliance_firmware 3.0.3

sophos web_appliance_firmware 3.0.1.1

sophos web_appliance_firmware 3.8.1

sophos web_appliance_firmware 3.7.8.1

sophos web_appliance_firmware 3.7.7

sophos web_appliance_firmware 3.7.0

sophos web_appliance_firmware 3.6.4.1

sophos web_appliance_firmware 3.6.2

sophos web_appliance_firmware 3.6.1

sophos web_appliance_firmware 3.5.2

sophos web_appliance_firmware 3.5.1.1

sophos web_appliance_firmware 3.4.4

sophos web_appliance_firmware 3.4.3

sophos web_appliance_firmware 3.3.5

sophos web_appliance_firmware 3.3.3.1

sophos web_appliance_firmware 3.2.7

sophos web_appliance_firmware 3.2.5

sophos web_appliance_firmware 3.1.3

sophos web_appliance_firmware 3.1.1

sophos web_appliance_firmware 3.0.2

sophos web_appliance_firmware 3.0.1

sophos web_appliance -

Exploits

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name' ...