Published: 11/04/2014 Updated: 14/04/2014

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

VMScore: 855

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

The network interface configuration page (netinterface) in Sophos Web Appliance prior to 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sophos web_appliance_firmware 3.7.3
sophos web_appliance_firmware 3.7.2
sophos web_appliance_firmware 3.7.1
sophos web_appliance_firmware 3.7.0
sophos web_appliance_firmware 3.5.4
sophos web_appliance_firmware 3.5.3
sophos web_appliance_firmware 3.5.2
sophos web_appliance_firmware 3.5.1.2
sophos web_appliance_firmware 3.4.0
sophos web_appliance_firmware 3.3.6.1
sophos web_appliance_firmware 3.3.6
sophos web_appliance_firmware 3.3.5.1
sophos web_appliance_firmware 3.2.2
sophos web_appliance_firmware 3.2.1
sophos web_appliance_firmware 3.1.4
sophos web_appliance_firmware 3.1.3
sophos web_appliance_firmware 3.7.9
sophos web_appliance_firmware 3.7.8.2
sophos web_appliance_firmware 3.7.8.1
sophos web_appliance_firmware 3.7.8
sophos web_appliance_firmware 3.6.2.4.1
sophos web_appliance_firmware 3.6.2.4.0
sophos web_appliance_firmware 3.6.2.3
sophos web_appliance_firmware 3.6.2.1
sophos web_appliance_firmware 3.4.7
sophos web_appliance_firmware 3.4.6
sophos web_appliance_firmware 3.4.5
sophos web_appliance_firmware 3.4.4
sophos web_appliance_firmware 3.3.1
sophos web_appliance_firmware 3.3.0
sophos web_appliance_firmware 3.2.7
sophos web_appliance_firmware 3.2.6
sophos web_appliance_firmware 3.0.5.1
sophos web_appliance_firmware 3.0.5
sophos web_appliance_firmware 3.0.4
sophos web_appliance_firmware 3.0.3
sophos web_appliance_firmware 3.0.2
sophos web_appliance_firmware
sophos web_appliance_firmware 3.8.0
sophos web_appliance_firmware 3.7.6
sophos web_appliance_firmware 3.7.4
sophos web_appliance_firmware 3.6.4.2
sophos web_appliance_firmware 3.6.4
sophos web_appliance_firmware 3.6.1.1
sophos web_appliance_firmware 3.5.6
sophos web_appliance_firmware 3.5.1
sophos web_appliance_firmware 3.4.8
sophos web_appliance_firmware 3.4.3.1
sophos web_appliance_firmware 3.4.2
sophos web_appliance_firmware 3.3.4
sophos web_appliance_firmware 3.3.3
sophos web_appliance_firmware 3.2.4
sophos web_appliance_firmware 3.2.2.1
sophos web_appliance_firmware 3.1.2
sophos web_appliance_firmware 3.1.0.1
sophos web_appliance_firmware 3.0.1.1
sophos web_appliance_firmware 3.0.0
sophos web_appliance_firmware 3.8.1
sophos web_appliance_firmware 3.7.9.1
sophos web_appliance_firmware 3.7.7
sophos web_appliance_firmware 3.7.5
sophos web_appliance_firmware 3.6.4.1
sophos web_appliance_firmware 3.6.3
sophos web_appliance_firmware 3.6.2
sophos web_appliance_firmware 3.6.1
sophos web_appliance_firmware 3.5.5
sophos web_appliance_firmware 3.5.1.1
sophos web_appliance_firmware 3.5.0
sophos web_appliance_firmware 3.4.3
sophos web_appliance_firmware 3.4.1
sophos web_appliance_firmware 3.3.5
sophos web_appliance_firmware 3.3.3.1
sophos web_appliance_firmware 3.3.2
sophos web_appliance_firmware 3.2.5
sophos web_appliance_firmware 3.2.3
sophos web_appliance_firmware 3.1.1
sophos web_appliance_firmware 3.1.0
sophos web_appliance_firmware 3.0.1
sophos web_appliance -

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' ...

CWE-78 http://www.securityfocus.com/bid/66734 http://www.exploit-db.com/exploits/32789 http://secunia.com/advisories/57706 http://www.zerodayinitiative.com/advisories/ZDI-14-069/http://www.sophos.com/en-us/support/knowledgebase/120230.aspx https://nvd.nist.gov https://www.exploit-db.com/exploits/32789/

Get Started

CVE-2014-2850

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect