Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2850

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2014-2850
Last Modified 14 Apr 2014 11:38:38
Published 11 Apr 2014 11:55:27
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-2850

Summary

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

Vulnerable Systems

Operating System

  • Sophos Web Appliance Firmware 3.0.0

  • Sophos Web Appliance Firmware 3.0.1

  • Sophos Web Appliance Firmware 3.0.1.1

  • Sophos Web Appliance Firmware 3.0.2

  • Sophos Web Appliance Firmware 3.0.3

  • Sophos Web Appliance Firmware 3.0.4

  • Sophos Web Appliance Firmware 3.0.5

  • Sophos Web Appliance Firmware 3.0.5.1

  • Sophos Web Appliance Firmware 3.1.0

  • Sophos Web Appliance Firmware 3.1.0.1

  • Sophos Web Appliance Firmware 3.1.1

  • Sophos Web Appliance Firmware 3.1.2

  • Sophos Web Appliance Firmware 3.1.3

  • Sophos Web Appliance Firmware 3.1.4

  • Sophos Web Appliance Firmware 3.2.1

  • Sophos Web Appliance Firmware 3.2.2

  • Sophos Web Appliance Firmware 3.2.2.1

  • Sophos Web Appliance Firmware 3.2.3

  • Sophos Web Appliance Firmware 3.2.4

  • Sophos Web Appliance Firmware 3.2.5

  • Sophos Web Appliance Firmware 3.2.6

  • Sophos Web Appliance Firmware 3.2.7

  • Sophos Web Appliance Firmware 3.3.0

  • Sophos Web Appliance Firmware 3.3.1

  • Sophos Web Appliance Firmware 3.3.2

  • Sophos Web Appliance Firmware 3.3.3

  • Sophos Web Appliance Firmware 3.3.3.1

  • Sophos Web Appliance Firmware 3.3.4

  • Sophos Web Appliance Firmware 3.3.5

  • Sophos Web Appliance Firmware 3.3.5.1

  • Sophos Web Appliance Firmware 3.3.6

  • Sophos Web Appliance Firmware 3.3.6.1

  • Sophos Web Appliance Firmware 3.4.0

  • Sophos Web Appliance Firmware 3.4.1

  • Sophos Web Appliance Firmware 3.4.2

  • Sophos Web Appliance Firmware 3.4.3

  • Sophos Web Appliance Firmware 3.4.3.1

  • Sophos Web Appliance Firmware 3.4.4

  • Sophos Web Appliance Firmware 3.4.5

  • Sophos Web Appliance Firmware 3.4.6

  • Sophos Web Appliance Firmware 3.4.7

  • Sophos Web Appliance Firmware 3.4.8

  • Sophos Web Appliance Firmware 3.5.0

  • Sophos Web Appliance Firmware 3.5.1

  • Sophos Web Appliance Firmware 3.5.1.1

  • Sophos Web Appliance Firmware 3.5.1.2

  • Sophos Web Appliance Firmware 3.5.2

  • Sophos Web Appliance Firmware 3.5.3

  • Sophos Web Appliance Firmware 3.5.4

  • Sophos Web Appliance Firmware 3.5.5

  • Sophos Web Appliance Firmware 3.5.6

  • Sophos Web Appliance Firmware 3.6.1

  • Sophos Web Appliance Firmware 3.6.1.1

  • Sophos Web Appliance Firmware 3.6.2

  • Sophos Web Appliance Firmware 3.6.2.1

  • Sophos Web Appliance Firmware 3.6.2.3

  • Sophos Web Appliance Firmware 3.6.2.4.0

  • Sophos Web Appliance Firmware 3.6.2.4.1

  • Sophos Web Appliance Firmware 3.6.3

  • Sophos Web Appliance Firmware 3.6.4

  • Sophos Web Appliance Firmware 3.6.4.1

  • Sophos Web Appliance Firmware 3.6.4.2

  • Sophos Web Appliance Firmware 3.7.0

  • Sophos Web Appliance Firmware 3.7.1

  • Sophos Web Appliance Firmware 3.7.2

  • Sophos Web Appliance Firmware 3.7.3

  • Sophos Web Appliance Firmware 3.7.4

  • Sophos Web Appliance Firmware 3.7.5

  • Sophos Web Appliance Firmware 3.7.6

  • Sophos Web Appliance Firmware 3.7.7

  • Sophos Web Appliance Firmware 3.7.8.1

  • Sophos Web Appliance Firmware 3.7.8.2

  • Sophos Web Appliance Firmware 3.7.9

  • Sophos Web Appliance Firmware 3.7.9.1

  • Sophos Web Appliance Firmware 3.8.0

  • Sophos Web Appliance Firmware 3.8.1

  • Sophos Web Appliance Firmware 3.8.1.1

Application

  • Sophos Web Appliance Firmware 3.7.8


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-14-069/

CONFIRM - http://www.sophos.com/en-us/support/knowledgebase/120230.aspx

BID - 66734

EXPLOIT-DB - 32789

SECUNIA - 57706


Last Updated: 27 May 2016 11:04:56