Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 8.5
CVE Id: CVE-2014-2849
Last Modified: 14 Apr 2014 11:38:12
Published: 11 Apr 2014 11:55:27
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2014-2849

Summary

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

Vulnerable Systems

Operating System

  • Sophos Web Appliance Firmware 3.0.0

  • Sophos Web Appliance Firmware 3.0.1

  • Sophos Web Appliance Firmware 3.0.1.1

  • Sophos Web Appliance Firmware 3.0.2

  • Sophos Web Appliance Firmware 3.0.3

  • Sophos Web Appliance Firmware 3.0.4

  • Sophos Web Appliance Firmware 3.0.5

  • Sophos Web Appliance Firmware 3.0.5.1

  • Sophos Web Appliance Firmware 3.1.0

  • Sophos Web Appliance Firmware 3.1.0.1

  • Sophos Web Appliance Firmware 3.1.1

  • Sophos Web Appliance Firmware 3.1.2

  • Sophos Web Appliance Firmware 3.1.3

  • Sophos Web Appliance Firmware 3.1.4

  • Sophos Web Appliance Firmware 3.2.1

  • Sophos Web Appliance Firmware 3.2.2

  • Sophos Web Appliance Firmware 3.2.2.1

  • Sophos Web Appliance Firmware 3.2.3

  • Sophos Web Appliance Firmware 3.2.4

  • Sophos Web Appliance Firmware 3.2.5

  • Sophos Web Appliance Firmware 3.2.6

  • Sophos Web Appliance Firmware 3.2.7

  • Sophos Web Appliance Firmware 3.3.0

  • Sophos Web Appliance Firmware 3.3.1

  • Sophos Web Appliance Firmware 3.3.2

  • Sophos Web Appliance Firmware 3.3.3

  • Sophos Web Appliance Firmware 3.3.3.1

  • Sophos Web Appliance Firmware 3.3.4

  • Sophos Web Appliance Firmware 3.3.5

  • Sophos Web Appliance Firmware 3.3.5.1

  • Sophos Web Appliance Firmware 3.3.6

  • Sophos Web Appliance Firmware 3.3.6.1

  • Sophos Web Appliance Firmware 3.4.0

  • Sophos Web Appliance Firmware 3.4.1

  • Sophos Web Appliance Firmware 3.4.2

  • Sophos Web Appliance Firmware 3.4.3

  • Sophos Web Appliance Firmware 3.4.3.1

  • Sophos Web Appliance Firmware 3.4.4

  • Sophos Web Appliance Firmware 3.4.5

  • Sophos Web Appliance Firmware 3.4.6

  • Sophos Web Appliance Firmware 3.4.7

  • Sophos Web Appliance Firmware 3.4.8

  • Sophos Web Appliance Firmware 3.5.0

  • Sophos Web Appliance Firmware 3.5.1

  • Sophos Web Appliance Firmware 3.5.1.1

  • Sophos Web Appliance Firmware 3.5.1.2

  • Sophos Web Appliance Firmware 3.5.2

  • Sophos Web Appliance Firmware 3.5.3

  • Sophos Web Appliance Firmware 3.5.4

  • Sophos Web Appliance Firmware 3.5.5

  • Sophos Web Appliance Firmware 3.5.6

  • Sophos Web Appliance Firmware 3.6.1

  • Sophos Web Appliance Firmware 3.6.1.1

  • Sophos Web Appliance Firmware 3.6.2

  • Sophos Web Appliance Firmware 3.6.2.1

  • Sophos Web Appliance Firmware 3.6.2.3

  • Sophos Web Appliance Firmware 3.6.2.4.0

  • Sophos Web Appliance Firmware 3.6.2.4.1

  • Sophos Web Appliance Firmware 3.6.3

  • Sophos Web Appliance Firmware 3.6.4

  • Sophos Web Appliance Firmware 3.6.4.1

  • Sophos Web Appliance Firmware 3.6.4.2

  • Sophos Web Appliance Firmware 3.7.0

  • Sophos Web Appliance Firmware 3.7.1

  • Sophos Web Appliance Firmware 3.7.2

  • Sophos Web Appliance Firmware 3.7.3

  • Sophos Web Appliance Firmware 3.7.4

  • Sophos Web Appliance Firmware 3.7.5

  • Sophos Web Appliance Firmware 3.7.6

  • Sophos Web Appliance Firmware 3.7.7

  • Sophos Web Appliance Firmware 3.7.8.1

  • Sophos Web Appliance Firmware 3.7.8.2

  • Sophos Web Appliance Firmware 3.7.9

  • Sophos Web Appliance Firmware 3.7.9.1

  • Sophos Web Appliance Firmware 3.8.0

  • Sophos Web Appliance Firmware 3.8.1

  • Sophos Web Appliance Firmware 3.8.1.1

Application

  • Sophos Web Appliance Firmware 3.7.8


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-14-069/

CONFIRM - http://www.sophos.com/en-us/support/knowledgebase/120230.aspx

BID - 66734

EXPLOIT-DB - 32789

SECUNIA - 57706


Last Updated: 27 May 2016 11:04:56