Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-4984
sophos
web appliance
privilege escalation
clear_keys.pl
cve-2013-4984
nvd
6.4 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
32.1%
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Affected configurations
Node
sophosweb_applianceRange≤3.7.9
ORsophosweb_applianceMatch3.0.0
ORsophosweb_applianceMatch3.0.1
ORsophosweb_applianceMatch3.0.1.1
ORsophosweb_applianceMatch3.0.2
ORsophosweb_applianceMatch3.0.3
ORsophosweb_applianceMatch3.0.4
ORsophosweb_applianceMatch3.0.5
ORsophosweb_applianceMatch3.0.5.1
ORsophosweb_applianceMatch3.1.0
ORsophosweb_applianceMatch3.1.0.1
ORsophosweb_applianceMatch3.1.1
ORsophosweb_applianceMatch3.1.2
ORsophosweb_applianceMatch3.1.3
ORsophosweb_applianceMatch3.1.4
ORsophosweb_applianceMatch3.2.1
ORsophosweb_applianceMatch3.2.2
ORsophosweb_applianceMatch3.2.2.1
ORsophosweb_applianceMatch3.2.3
ORsophosweb_applianceMatch3.2.4
ORsophosweb_applianceMatch3.2.5
ORsophosweb_applianceMatch3.2.6
ORsophosweb_applianceMatch3.2.7
ORsophosweb_applianceMatch3.3.0
ORsophosweb_applianceMatch3.3.1
ORsophosweb_applianceMatch3.3.2
ORsophosweb_applianceMatch3.3.3
ORsophosweb_applianceMatch3.3.3.1
ORsophosweb_applianceMatch3.3.4
ORsophosweb_applianceMatch3.3.5
ORsophosweb_applianceMatch3.3.5.1
ORsophosweb_applianceMatch3.3.6
ORsophosweb_applianceMatch3.3.6.1
ORsophosweb_applianceMatch3.4.0
ORsophosweb_applianceMatch3.4.1
ORsophosweb_applianceMatch3.4.2
ORsophosweb_applianceMatch3.4.3
ORsophosweb_applianceMatch3.4.3.1
ORsophosweb_applianceMatch3.4.4
ORsophosweb_applianceMatch3.4.5
ORsophosweb_applianceMatch3.4.6
ORsophosweb_applianceMatch3.4.7
ORsophosweb_applianceMatch3.4.8
ORsophosweb_applianceMatch3.5.0
ORsophosweb_applianceMatch3.5.1
ORsophosweb_applianceMatch3.5.1.1
ORsophosweb_applianceMatch3.5.1.2
ORsophosweb_applianceMatch3.5.2
ORsophosweb_applianceMatch3.5.3
ORsophosweb_applianceMatch3.5.4
ORsophosweb_applianceMatch3.5.5
ORsophosweb_applianceMatch3.5.6
ORsophosweb_applianceMatch3.6.1
ORsophosweb_applianceMatch3.6.1.1
ORsophosweb_applianceMatch3.6.2
ORsophosweb_applianceMatch3.6.2.1
ORsophosweb_applianceMatch3.6.2.3
ORsophosweb_applianceMatch3.6.2.4.0
ORsophosweb_applianceMatch3.6.2.4.1
ORsophosweb_applianceMatch3.6.3
ORsophosweb_applianceMatch3.6.4
ORsophosweb_applianceMatch3.6.4.1
ORsophosweb_applianceMatch3.6.4.2
ORsophosweb_applianceMatch3.7.0
ORsophosweb_applianceMatch3.7.1
ORsophosweb_applianceMatch3.7.2
ORsophosweb_applianceMatch3.7.3
ORsophosweb_applianceMatch3.7.4
ORsophosweb_applianceMatch3.7.5
ORsophosweb_applianceMatch3.7.6
ORsophosweb_applianceMatch3.7.7
ORsophosweb_applianceMatch3.7.8
ORsophosweb_applianceMatch3.7.8.1
ORsophosweb_applianceMatch3.7.8.2
ORsophosweb_applianceMatch3.8.0
ORsophosweb_applianceMatch3.8.1
Related
packetstorm
packetstorm
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection
2013-09-07 00:00:00
cvelist
cvelist
CVE-2013-4984
2022-10-03 16:14:58
prion
prion
Design/Logic Flaw
2013-09-10 11:28:00
nvd
nvd
CVE-2013-4984
2013-09-10 11:28:41
zdt
zdt
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection Vulnerability
2013-09-07 00:00:00
securityvulns
securityvulns
Sophos Web Protection Appliance code execution
2013-09-11 00:00:00
[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-11 00:00:00
openvas
openvas
seebug
seebug
Sophos Web Protection Appliance - Multiple Vulnerabilities
2014-07-01 00:00:00
coresecurity
coresecurity
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-06 00:00:00
exploitpack
exploitpack
Sophos Web Protection Appliance - Multiple Vulnerabilities
2013-09-09 00:00:00
nessus
nessus
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-26 00:00:00
dsquare
dsquare
Sophos Web Protection Appliance 3.8.1 RCE
2013-09-10 00:00:00
exploitdb
exploitdb
Sophos Web Protection Appliance - Multiple Vulnerabilities
2013-09-09 00:00:00
6.4 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
32.1%
Related for CVE-2013-4984