CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6184
https://notcve.org/view.php?id=CVE-2017-6184
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, una sección de la interfaz de la máquina responsable de generar informes era vulnerable a la inyección de comando remoto a través del parámetro token, vulnerabilidad también conocida como NSWA-1303. • http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 4%CPEs: 1EXPL: 1CVE-2017-6412 – Sophos Web Appliance 4.3.1.1 - Session Fixation
https://notcve.org/view.php?id=CVE-2017-6412
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, podría ocurrir la fijación de sesión, vulnerabilidad también conocida como NSWA-1310. Sophos Web Appliance version 4.3.1.1 suffers from a session fixation vulnerability. • https://www.exploit-db.com/exploits/42012 http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 https://www.qualys.com/2017/02/28/qsa-2017-02-28/qsa-2017-02-28.pdf • CWE-384: Session Fixation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6183
https://notcve.org/view.php?id=CVE-2017-6183
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, una sección de las utilidades de configuración de la máquina para agregar (y detectar) servidores Active Directory era vulnerable a inyección de comandos remotos, vulnerabilidad también conocida como NSWA-1314. • http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 2CVE-2016-9553 – Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection
https://notcve.org/view.php?id=CVE-2016-9553
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258. • https://www.exploit-db.com/exploits/41413 http://pastebin.com/DUYuN0U5 http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.html http://www.securityfocus.com/bid/95853 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 2CVE-2016-9554 – Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection
https://notcve.org/view.php?id=CVE-2016-9554
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. • https://www.exploit-db.com/exploits/41414 http://pastebin.com/UB8Ye6ZU http://www.securityfocus.com/bid/95858 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •