ID CVE-2014-2850
Type cve
Reporter NVD
Modified 2014-04-14T11:38:38
Description
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
{"modified": "2014-04-14T11:38:38", "id": "CVE-2014-2850", "edition": 1, "objectVersion": "1.2", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2850", "cvelist": ["CVE-2014-2850"], "references": ["http://www.exploit-db.com/exploits/32789", "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx", "http://www.securityfocus.com/bid/66734", "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"], "bulletinFamily": "NVD", "lastseen": "2016-09-03T20:19:44", "title": "CVE-2014-2850", "published": "2014-04-11T11:55:27", "viewCount": 0, "type": "cve", "cpe": ["cpe:/a:sophos:web_appliance_firmware:3.7.8", "cpe:/o:sophos:web_appliance_firmware:3.5.6", "cpe:/o:sophos:web_appliance_firmware:3.6.4.2", "cpe:/o:sophos:web_appliance_firmware:3.4.6", "cpe:/o:sophos:web_appliance_firmware:3.4.3", "cpe:/o:sophos:web_appliance_firmware:3.7.7", "cpe:/o:sophos:web_appliance_firmware:3.4.2", "cpe:/o:sophos:web_appliance_firmware:3.0.0", "cpe:/o:sophos:web_appliance_firmware:3.6.3", "cpe:/o:sophos:web_appliance_firmware:3.1.1", "cpe:/o:sophos:web_appliance_firmware:3.8.0", "cpe:/o:sophos:web_appliance_firmware:3.0.5.1", "cpe:/o:sophos:web_appliance_firmware:3.5.0", "cpe:/o:sophos:web_appliance_firmware:3.7.5", "cpe:/o:sophos:web_appliance_firmware:3.2.1", "cpe:/o:sophos:web_appliance_firmware:3.2.2", "cpe:/o:sophos:web_appliance_firmware:3.7.3", "cpe:/o:sophos:web_appliance_firmware:3.5.2", "cpe:/o:sophos:web_appliance_firmware:3.3.1", "cpe:/o:sophos:web_appliance_firmware:3.7.4", "cpe:/o:sophos:web_appliance_firmware:3.2.4", "cpe:/o:sophos:web_appliance_firmware:3.5.1.2", "cpe:/o:sophos:web_appliance_firmware:3.2.2.1", "cpe:/o:sophos:web_appliance_firmware:3.5.1.1", "cpe:/o:sophos:web_appliance_firmware:3.4.3.1", "cpe:/o:sophos:web_appliance_firmware:3.1.0.1", "cpe:/o:sophos:web_appliance_firmware:3.2.5", "cpe:/o:sophos:web_appliance_firmware:3.7.6", "cpe:/o:sophos:web_appliance_firmware:3.4.5", "cpe:/o:sophos:web_appliance_firmware:3.7.8.1", "cpe:/o:sophos:web_appliance_firmware:3.5.1", "cpe:/o:sophos:web_appliance_firmware:3.6.2.4.0", "cpe:/o:sophos:web_appliance_firmware:3.0.1.1", "cpe:/o:sophos:web_appliance_firmware:3.2.3", "cpe:/o:sophos:web_appliance_firmware:3.0.5", "cpe:/o:sophos:web_appliance_firmware:3.6.4", "cpe:/o:sophos:web_appliance_firmware:3.5.5", "cpe:/o:sophos:web_appliance_firmware:3.3.3", "cpe:/o:sophos:web_appliance_firmware:3.0.1", "cpe:/o:sophos:web_appliance_firmware:3.1.3", "cpe:/o:sophos:web_appliance_firmware:3.0.4", "cpe:/o:sophos:web_appliance_firmware:3.2.6", "cpe:/o:sophos:web_appliance_firmware:3.3.6", "cpe:/o:sophos:web_appliance_firmware:3.3.5", "cpe:/o:sophos:web_appliance_firmware:3.4.0", "cpe:/o:sophos:web_appliance_firmware:3.7.9", "cpe:/o:sophos:web_appliance_firmware:3.6.2", "cpe:/o:sophos:web_appliance_firmware:3.5.3", "cpe:/o:sophos:web_appliance_firmware:3.3.6.1", "cpe:/o:sophos:web_appliance_firmware:3.7.2", "cpe:/o:sophos:web_appliance_firmware:3.3.4", "cpe:/o:sophos:web_appliance_firmware:3.8.1", "cpe:/o:sophos:web_appliance_firmware:3.1.4", "cpe:/o:sophos:web_appliance_firmware:3.5.4", "cpe:/o:sophos:web_appliance_firmware:3.6.2.3", "cpe:/o:sophos:web_appliance_firmware:3.0.2", "cpe:/o:sophos:web_appliance_firmware:3.7.9.1", "cpe:/o:sophos:web_appliance_firmware:3.6.2.4.1", "cpe:/o:sophos:web_appliance_firmware:3.3.0", "cpe:/o:sophos:web_appliance_firmware:3.3.2", "cpe:/o:sophos:web_appliance_firmware:3.4.4", "cpe:/o:sophos:web_appliance_firmware:3.4.1", "cpe:/o:sophos:web_appliance_firmware:3.1.2", "cpe:/o:sophos:web_appliance_firmware:3.1.0", "cpe:/h:sophos:web_appliance:-", "cpe:/o:sophos:web_appliance_firmware:3.6.2.1", "cpe:/o:sophos:web_appliance_firmware:3.4.7", "cpe:/o:sophos:web_appliance_firmware:3.3.5.1", "cpe:/o:sophos:web_appliance_firmware:3.2.7", "cpe:/o:sophos:web_appliance_firmware:3.6.4.1", "cpe:/o:sophos:web_appliance_firmware:3.7.0", "cpe:/o:sophos:web_appliance_firmware:3.8.1.1", "cpe:/o:sophos:web_appliance_firmware:3.7.8.2", "cpe:/o:sophos:web_appliance_firmware:3.4.8", "cpe:/o:sophos:web_appliance_firmware:3.6.1", "cpe:/o:sophos:web_appliance_firmware:3.3.3.1", "cpe:/o:sophos:web_appliance_firmware:3.6.1.1", "cpe:/o:sophos:web_appliance_firmware:3.7.1", "cpe:/o:sophos:web_appliance_firmware:3.0.3"], "description": "The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.", "hash": "2a846297510254bcd19b47f1bf12e5cfe986f71a65c72de3fd03e8a669749538", "reporter": "NVD", "scanner": [], "assessment": {"system": "", "name": "", "href": ""}, "enchantments": {"vulnersScore": 7.5}}
{"result": {"exploitdb": [{"id": "EDB-ID:32789", "type": "exploitdb", "title": "Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution", "description": "Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution. CVE-2014-2850. Remote exploit for unix platform", "published": "2014-04-10T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/32789/", "cvelist": ["CVE-2014-2850", "CVE-2014-2849"], "lastseen": "2016-02-03T17:47:49"}], "kaspersky": [{"id": "KLA10336", "type": "kaspersky", "title": "\r KLA10336Multiple vulnerabilities in Sophos Web Appliance\t\t\t ", "description": "### *CVSS*:\n8.5\n\n### *Detect date*:\n04/11/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple critical vulnerabilities have been found in Sophos Web Appliance. Malicious users can exploit these vulnerabilities to execute arbitrary commands or change admin password. \nBelow is a complete list of vulnerabilities\n\n### *Affected products*:\nSophos Web Appliance versions 3.8.1.1 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Sophos Web Appliance](<https://threats.kaspersky.com/en/product/Sophos-Web-Appliance/>)\n\n### *CVE-IDS*:\n[CVE-2014-2849](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2849>) \n[CVE-2014-2850](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2850>)", "published": "2014-04-11T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10336", "cvelist": ["CVE-2014-2850", "CVE-2014-2849"], "lastseen": "2018-03-30T14:10:49"}]}}