Summary
Sophos Web Protection Appliance is prone to multiple vulnerabilities.
Impact
An unauthenticated remote attacker can execute arbitrary OS commands on the Sophos appliance with the privileges of the spiderman operating system user.
Solution
Update to v3.7.9.1 or v3.8.1.1.
Insight
Sophos Web Protection Appliance is prone to a pre-authentication OS command injection vulnerability and to a privilege escalation vulnerability through local OS command injection.
Affected
Sophos Web Appliance v3.7.9 and earlier.
Sophos Web Appliance v3.8.0.
Sophos Web Appliance v3.8.1.
Severity
Classification
CVE: CVE-2013-4983
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C