[email protected]CVE-2014-2850

HistoryApr 11, 2014 - 3:55 p.m.

CVE-2014-2850

2014-04-1115:55:00

CWE-78

[email protected]

web.nvd.nist.gov

sophos

web appliance

cve-2014-2850

network security

remote code execution

vulnerability

7.8 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.494 Medium

EPSS

Percentile

97.5%

JSON

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

CPENameOperatorVersion
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.7.8
sophos:web_appliance_firmwaresophos web appliance firmwarele3.8.1.1
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.0
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.1
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.1.1
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.2
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.3
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.4
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.5
sophos:web_appliance_firmwaresophos web appliance firmwareeq3.0.5.1

CPE	Name	Operator	Version
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.7.8
sophos:web_appliance_firmware	sophos web appliance firmware	le	3.8.1.1
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.0
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.1
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.1.1
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.2
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.3
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.4
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.5
sophos:web_appliance_firmware	sophos web appliance firmware	eq	3.0.5.1

Rows per page:

1-10 of 791

References

secunia.com/advisories/57706

www.exploit-db.com/exploits/32789

www.securityfocus.com/bid/66734

www.sophos.com/en-us/support/knowledgebase/120230.aspx

www.zerodayinitiative.com/advisories/ZDI-14-069/

7.8 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.494 Medium

EPSS

Percentile

97.5%

JSON

Related for CVE-2014-2850

cvelist1 checkpoint_advisories1 prion1 kaspersky1