Search...

CVE-2014-2850

2014-04-11T11:55:27

ID CVE-2014-2850
Type cve
Reporter NVD
Modified 2014-04-14T11:38:38

Description

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

JSON Vulners Source

Initial Source

{"modified": "2014-04-14T11:38:38", "id": "CVE-2014-2850", "edition": 1, "objectVersion": "1.2", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2850", "cvelist": ["CVE-2014-2850"], "references": ["http://www.exploit-db.com/exploits/32789", "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx", "http://www.securityfocus.com/bid/66734", "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"], "bulletinFamily": "NVD", "lastseen": "2016-09-03T20:19:44", "title": "CVE-2014-2850", "published": "2014-04-11T11:55:27", "viewCount": 0, "type": "cve", "cpe": ["cpe:/a:sophos:web_appliance_firmware:3.7.8", "cpe:/o:sophos:web_appliance_firmware:3.5.6", "cpe:/o:sophos:web_appliance_firmware:3.6.4.2", "cpe:/o:sophos:web_appliance_firmware:3.4.6", "cpe:/o:sophos:web_appliance_firmware:3.4.3", "cpe:/o:sophos:web_appliance_firmware:3.7.7", "cpe:/o:sophos:web_appliance_firmware:3.4.2", "cpe:/o:sophos:web_appliance_firmware:3.0.0", "cpe:/o:sophos:web_appliance_firmware:3.6.3", "cpe:/o:sophos:web_appliance_firmware:3.1.1", "cpe:/o:sophos:web_appliance_firmware:3.8.0", "cpe:/o:sophos:web_appliance_firmware:3.0.5.1", "cpe:/o:sophos:web_appliance_firmware:3.5.0", "cpe:/o:sophos:web_appliance_firmware:3.7.5", "cpe:/o:sophos:web_appliance_firmware:3.2.1", "cpe:/o:sophos:web_appliance_firmware:3.2.2", "cpe:/o:sophos:web_appliance_firmware:3.7.3", "cpe:/o:sophos:web_appliance_firmware:3.5.2", "cpe:/o:sophos:web_appliance_firmware:3.3.1", "cpe:/o:sophos:web_appliance_firmware:3.7.4", "cpe:/o:sophos:web_appliance_firmware:3.2.4", "cpe:/o:sophos:web_appliance_firmware:3.5.1.2", "cpe:/o:sophos:web_appliance_firmware:3.2.2.1", "cpe:/o:sophos:web_appliance_firmware:3.5.1.1", "cpe:/o:sophos:web_appliance_firmware:3.4.3.1", "cpe:/o:sophos:web_appliance_firmware:3.1.0.1", "cpe:/o:sophos:web_appliance_firmware:3.2.5", "cpe:/o:sophos:web_appliance_firmware:3.7.6", "cpe:/o:sophos:web_appliance_firmware:3.4.5", "cpe:/o:sophos:web_appliance_firmware:3.7.8.1", "cpe:/o:sophos:web_appliance_firmware:3.5.1", "cpe:/o:sophos:web_appliance_firmware:3.6.2.4.0", "cpe:/o:sophos:web_appliance_firmware:3.0.1.1", "cpe:/o:sophos:web_appliance_firmware:3.2.3", "cpe:/o:sophos:web_appliance_firmware:3.0.5", "cpe:/o:sophos:web_appliance_firmware:3.6.4", "cpe:/o:sophos:web_appliance_firmware:3.5.5", "cpe:/o:sophos:web_appliance_firmware:3.3.3", "cpe:/o:sophos:web_appliance_firmware:3.0.1", "cpe:/o:sophos:web_appliance_firmware:3.1.3", "cpe:/o:sophos:web_appliance_firmware:3.0.4", "cpe:/o:sophos:web_appliance_firmware:3.2.6", "cpe:/o:sophos:web_appliance_firmware:3.3.6", "cpe:/o:sophos:web_appliance_firmware:3.3.5", "cpe:/o:sophos:web_appliance_firmware:3.4.0", "cpe:/o:sophos:web_appliance_firmware:3.7.9", "cpe:/o:sophos:web_appliance_firmware:3.6.2", "cpe:/o:sophos:web_appliance_firmware:3.5.3", "cpe:/o:sophos:web_appliance_firmware:3.3.6.1", "cpe:/o:sophos:web_appliance_firmware:3.7.2", "cpe:/o:sophos:web_appliance_firmware:3.3.4", "cpe:/o:sophos:web_appliance_firmware:3.8.1", "cpe:/o:sophos:web_appliance_firmware:3.1.4", "cpe:/o:sophos:web_appliance_firmware:3.5.4", "cpe:/o:sophos:web_appliance_firmware:3.6.2.3", "cpe:/o:sophos:web_appliance_firmware:3.0.2", "cpe:/o:sophos:web_appliance_firmware:3.7.9.1", "cpe:/o:sophos:web_appliance_firmware:3.6.2.4.1", "cpe:/o:sophos:web_appliance_firmware:3.3.0", "cpe:/o:sophos:web_appliance_firmware:3.3.2", "cpe:/o:sophos:web_appliance_firmware:3.4.4", "cpe:/o:sophos:web_appliance_firmware:3.4.1", "cpe:/o:sophos:web_appliance_firmware:3.1.2", "cpe:/o:sophos:web_appliance_firmware:3.1.0", "cpe:/h:sophos:web_appliance:-", "cpe:/o:sophos:web_appliance_firmware:3.6.2.1", "cpe:/o:sophos:web_appliance_firmware:3.4.7", "cpe:/o:sophos:web_appliance_firmware:3.3.5.1", "cpe:/o:sophos:web_appliance_firmware:3.2.7", "cpe:/o:sophos:web_appliance_firmware:3.6.4.1", "cpe:/o:sophos:web_appliance_firmware:3.7.0", "cpe:/o:sophos:web_appliance_firmware:3.8.1.1", "cpe:/o:sophos:web_appliance_firmware:3.7.8.2", "cpe:/o:sophos:web_appliance_firmware:3.4.8", "cpe:/o:sophos:web_appliance_firmware:3.6.1", "cpe:/o:sophos:web_appliance_firmware:3.3.3.1", "cpe:/o:sophos:web_appliance_firmware:3.6.1.1", "cpe:/o:sophos:web_appliance_firmware:3.7.1", "cpe:/o:sophos:web_appliance_firmware:3.0.3"], "description": "The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.", "hash": "2a846297510254bcd19b47f1bf12e5cfe986f71a65c72de3fd03e8a669749538", "reporter": "NVD", "scanner": [], "assessment": {"system": "", "name": "", "href": ""}, "enchantments": {"vulnersScore": 7.5}}

{"result": {"exploitdb": [{"id": "EDB-ID:32789", "type": "exploitdb", "title": "Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution", "description": "Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution. CVE-2014-2850. Remote exploit for unix platform", "published": "2014-04-10T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/32789/", "cvelist": ["CVE-2014-2850", "CVE-2014-2849"], "lastseen": "2016-02-03T17:47:49"}], "kaspersky": [{"id": "KLA10336", "type": "kaspersky", "title": "\r KLA10336Multiple vulnerabilities in Sophos Web Appliance\t\t\t ", "description": "### *CVSS*:\n8.5\n\n### *Detect date*:\n04/11/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple critical vulnerabilities have been found in Sophos Web Appliance. Malicious users can exploit these vulnerabilities to execute arbitrary commands or change admin password. \nBelow is a complete list of vulnerabilities\n\n### *Affected products*:\nSophos Web Appliance versions 3.8.1.1 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Sophos Web Appliance](<https://threats.kaspersky.com/en/product/Sophos-Web-Appliance/>)\n\n### *CVE-IDS*:\n[CVE-2014-2849](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2849>) \n[CVE-2014-2850](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2850>)", "published": "2014-04-11T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10336", "cvelist": ["CVE-2014-2850", "CVE-2014-2849"], "lastseen": "2018-03-30T14:10:49"}]}}