Vulners
Lucene search
Sophos Mobile Control 3.5.0.3 Open Reverse Proxy
🗓️ 05 Aug 2016 00:00:00Reported by Tim KretschmannType 
packetstorm🔗 packetstormsecurity.com👁 56 Views
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | Sophos Mobile Control EAS Proxy Information Disclosure Vulnerability | 11 Aug 201600:00 | – | cnvd |
 | CVE-2016-6597 | 10 Aug 201614:00 | – | cve |
 | CVE-2016-6597 | 10 Aug 201614:00 | – | cvelist |
 | EUVD-2016-7515 | 7 Oct 202500:30 | – | euvd |
 | CVE-2016-6597 | 10 Aug 201614:59 | – | nvd |
 | Open redirect | 10 Aug 201614:59 | – | prion |
`Application: Sophos Mobile Control EAS Proxy
Versions Affected: 3.5.0.3
Vendor URL: https://www.sophos.com/
Bugs: Open Reverse Proxy
Sent: 30.06.2016
Reported: 05.07.2016
Vendor response: 13.07.2016
Published BugFix by vendor: 28.07.2016
Date of Public Advisory: 05.08.2016
Reference: Sophos Case #6061906
Author: Tim Kretschmann (Pallas GmbH)
Version and State of report: 0.9 ? PrePublic
Description
1. ADVISORY INFORMATION
Title: Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability
Risk: high
Advisory URL:
https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability
Date published: 05.08.2016
Vendors contacted: Sophos
2. VULNERABILITY INFORMATION
Impact: access to any web-resources of the backend mail system, if Lotus
Traveler option is enabled
Remotely Exploitable: Yes
Locally Exploitable: No
CVE: CVE-2016-6597
CVSS Base Score v2: 8.6 / 10
CVSS Base Vector: 3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
3. VULNERABILITY DESCRIPTION
Sophos EAS Proxy is part of the Enterprise Mobility Management (EMM)
platform Sophos Mobile Control, which allows control of mail access for
managed mobile devices.
Anonymous attackers can access any web-resources of the backend mail
system like Microsoft Exchange or IBM Domino, if Lotus Traveler option is
enabled. Brute force attacks against users in the backend mail system are
also possible.
4. VULNERABLE PACKAGES
Sophos Mobile Control EAS Proxy Version 3.5.0.3
Other versions are probably affected too, but they were not checked.
5. SOLUTIONS AND WORKAROUNDS
Solution: Update to ?Sophos Mobile Control EAS Proxy 6.2.0.exe?
Workaround: Disable Lotus Traveler Option if possible, limit access on
web-resources of backend mail system
6. AUTHOR
Tim Kretschmann (Pallas GmbH)
7. TECHNICAL DESCRIPTION
Proof of Concept for IBM Domino
https://<PublicIP_of_EASProxy>:<Port_of_EASProxy>/da.nsf
https://<PublicIP_of_EASProxy>:<Port_of_EASProxy>/dba4.nsf
https://<PublicIP_of_EASProxy>:<Port_of_EASProxy>/homepage.nsf
8. ABOUT Pallas GmbH
Pallas GmbH, located in Germany, provides managed and hosting services
with focus on Security.
Adress: Pallas GmbH, Hermuelheimer Str. 8a, 50321 Bruehl, GERMANY
Phone: 0049.2232.18960
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Aug 2016 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.00164