ID CVE-2014-2850 Type cve Reporter NVD Modified 2014-04-14T11:38:38
Description
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
{"result": {"exploitdb": [{"id": "EDB-ID:32789", "type": "exploitdb", "title": "Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution", "description": "Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution. CVE-2014-2850. Remote exploit for unix platform", "published": "2014-04-10T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/32789/", "cvelist": ["CVE-2014-2850", "CVE-2014-2849"], "lastseen": "2016-02-03T17:47:49"}], "kaspersky": [{"id": "KLA10336", "type": "kaspersky", "title": "\r KLA10336Multiple vulnerabilities in Sophos Web Appliance ", "description": "### *CVSS*:\n8.5\n\n### *Detect date*:\n04/11/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple critical vulnerabilities have been found in Sophos Web Appliance. Malicious users can exploit these vulnerabilities to execute arbitrary commands or change admin password. \nBelow is a complete list of vulnerabilities\n\n### *Affected products*:\nSophos Web Appliance versions 3.8.1.1 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Sophos Web Appliance](<https://threats.kaspersky.com/en/product/Sophos-Web-Appliance/>)\n\n### *CVE-IDS*:\n[CVE-2014-2849](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2849>) \n[CVE-2014-2850](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2850>)", "published": "2014-04-11T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10336", "cvelist": ["CVE-2014-2850", "CVE-2014-2849"], "lastseen": "2018-07-06T07:33:32"}], "metasploit": [{"id": "MSF:EXPLOIT/LINUX/HTTP/SOPHOS_WPA_IFACE_EXEC", "type": "metasploit", "title": "Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution", "description": "This module takes advantage of two vulnerabilities in order to gain remote code execution as root as an otherwise non-privileged authorized user. By taking advantage of a mass assignment vulnerability that allows an unprivileged authenticated user to change the administrator's password hash, the module updates the password to login as the admin to reach the second vulnerability. No server-side sanitization is done on values passed when configuring a static network interface. This allows an administrator user to run arbitrary commands in the context of the web application, which is root when configuring the network interface. This module will inadvertently delete any other users that may have been present as a side effect of changing the admin's password.", "published": "2014-04-09T12:17:14", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2014-2849", "CVE-2014-2850"], "lastseen": "2018-07-13T08:32:17"}]}}
