CVE-2017-6183
https://notcve.org/view.php?id=CVE-2017-6183
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. • http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-9553 – Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection
https://notcve.org/view.php?id=CVE-2016-9553
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258. • https://www.exploit-db.com/exploits/41413 http://pastebin.com/DUYuN0U5 http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.html http://www.securityfocus.com/bid/95853 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-9554 – Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection
https://notcve.org/view.php?id=CVE-2016-9554
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. • https://www.exploit-db.com/exploits/41414 http://pastebin.com/UB8Ye6ZU http://www.securityfocus.com/bid/95858 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-7442 – Sophos UTM 9.405-5 / 9.404-5 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-7442
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab. Sophos UTM versions 9.405-5 and 9.404-5 suffer from information disclosure vulnerabilities. • http://www.securityfocus.com/archive/1/539518/100/0/threaded http://www.securityfocus.com/bid/93266 http://www.securitytracker.com/id/1036931 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-7397 – Sophos UTM 9.405-5 / 9.404-5 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-7397
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. Sophos UTM versions 9.405-5 and 9.404-5 suffer from information disclosure vulnerabilities. • http://www.securityfocus.com/archive/1/539518/100/0/threaded http://www.securityfocus.com/bid/93266 http://www.securitytracker.com/id/1036931 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •