Published: 11/04/2014 Updated: 14/04/2014

CVSS v2 Base Score: 8.5 | Impact Score: 9.2 | Exploitability Score: 8

VMScore: 855

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

The Change Password dialog box (change_password) in Sophos Web Appliance prior to 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sophos web appliance firmware 3.7.8
sophos web appliance firmware
sophos web appliance firmware 3.0.0
sophos web appliance firmware 3.0.1
sophos web appliance firmware 3.0.1.1
sophos web appliance firmware 3.0.2
sophos web appliance firmware 3.0.3
sophos web appliance firmware 3.0.4
sophos web appliance firmware 3.0.5
sophos web appliance firmware 3.0.5.1
sophos web appliance firmware 3.1.0
sophos web appliance firmware 3.1.0.1
sophos web appliance firmware 3.1.1
sophos web appliance firmware 3.1.2
sophos web appliance firmware 3.1.3
sophos web appliance firmware 3.1.4
sophos web appliance firmware 3.2.1
sophos web appliance firmware 3.2.2
sophos web appliance firmware 3.2.2.1
sophos web appliance firmware 3.2.3
sophos web appliance firmware 3.2.4
sophos web appliance firmware 3.2.5
sophos web appliance firmware 3.2.6
sophos web appliance firmware 3.2.7
sophos web appliance firmware 3.3.0
sophos web appliance firmware 3.3.1
sophos web appliance firmware 3.3.2
sophos web appliance firmware 3.3.3
sophos web appliance firmware 3.3.3.1
sophos web appliance firmware 3.3.4
sophos web appliance firmware 3.3.5
sophos web appliance firmware 3.3.5.1
sophos web appliance firmware 3.3.6
sophos web appliance firmware 3.3.6.1
sophos web appliance firmware 3.4.0
sophos web appliance firmware 3.4.1
sophos web appliance firmware 3.4.2
sophos web appliance firmware 3.4.3
sophos web appliance firmware 3.4.3.1
sophos web appliance firmware 3.4.4
sophos web appliance firmware 3.4.5
sophos web appliance firmware 3.4.6
sophos web appliance firmware 3.4.7
sophos web appliance firmware 3.4.8
sophos web appliance firmware 3.5.0
sophos web appliance firmware 3.5.1
sophos web appliance firmware 3.5.1.1
sophos web appliance firmware 3.5.1.2
sophos web appliance firmware 3.5.2
sophos web appliance firmware 3.5.3
sophos web appliance firmware 3.5.4
sophos web appliance firmware 3.5.5
sophos web appliance firmware 3.5.6
sophos web appliance firmware 3.6.1
sophos web appliance firmware 3.6.1.1
sophos web appliance firmware 3.6.2
sophos web appliance firmware 3.6.2.1
sophos web appliance firmware 3.6.2.3
sophos web appliance firmware 3.6.2.4.0
sophos web appliance firmware 3.6.2.4.1
sophos web appliance firmware 3.6.3
sophos web appliance firmware 3.6.4
sophos web appliance firmware 3.6.4.1
sophos web appliance firmware 3.6.4.2
sophos web appliance firmware 3.7.0
sophos web appliance firmware 3.7.1
sophos web appliance firmware 3.7.2
sophos web appliance firmware 3.7.3
sophos web appliance firmware 3.7.4
sophos web appliance firmware 3.7.5
sophos web appliance firmware 3.7.6
sophos web appliance firmware 3.7.7
sophos web appliance firmware 3.7.8.1
sophos web appliance firmware 3.7.8.2
sophos web appliance firmware 3.7.9
sophos web appliance firmware 3.7.9.1
sophos web appliance firmware 3.8.0
sophos web appliance firmware 3.8.1
sophos web appliance -

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' ...

CWE-264 http://www.sophos.com/en-us/support/knowledgebase/120230.aspx http://www.zerodayinitiative.com/advisories/ZDI-14-069/http://secunia.com/advisories/57706 http://www.securityfocus.com/bid/66734 http://www.exploit-db.com/exploits/32789 https://nvd.nist.gov https://www.exploit-db.com/exploits/32789/

Get Started

CVE-2014-2849

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect