Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
905
VMScore

CVE-2016-9554

Published: 28/01/2017 Updated: 13/03/2017
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Web Appliance

Vulnerability Summary

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account.

Vulnerable Product Search on Vulmon Subscribe to Product

sophos web appliance 4.2.1.3

Exploits

Exploit DB: Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
# Exploit Title: Sophos Web Appliance diagnostic_tools wget Remote Command Injection Vulnerablity # Date: 12/12/2016 # Exploit Author: xort @ Critical Start # Vendor Homepage: wwwsophoscom # Software Link: sophoscom/en-us/products/secure-web-gatewayaspx # Version: 4213 # Tested on: 4213 # # CVE : CVE-2016-9554 # vuln: diagn ...
Exploit DB: Sophos Web Appliance 4.2.1.3 Remote Command Execution
This Metasploit module exploits a remote command execution vulnerability in the Sophos Web Appliance versions 4213 and below The vulnerability exists in a section of the machine's administrative interface for performing diagnostic network tests with wget and unsanitized user supplied information ...

References

CWE-77https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1http://www.securityfocus.com/bid/95858http://pastebin.com/UB8Ye6ZUhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/41414/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook