CVE-2014-2849 – Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2849
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Web Appliance. Authentication is required to exploit this vulnerability. The specific flaws exist within the change_password and netinterface functions of the web appliance. The first flaw allows an unprivileged user to change the admin's password; the second is a remote code execution vulnerability that exists when updating the network interface.
• https://www.exploit-db.com/exploits/32789
• http://secunia.com/advisories/57706
• http://www.exploit-db.com/exploits/32789
• http://www.securityfocus.com/bid/66734
• http://www.sophos.com/en-us/support/knowledgebase/120230.aspx
• http://www.zerodayinitiative.com/advisories/ZDI-14-069
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-2537
https://notcve.org/view.php?id=CVE-2014-2537
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
• http://blogs.sophos.com/2014/02/20/utm-up2date-9-109
• http://secunia.com/advisories/57344
• http://www.securityfocus.com/bid/66231
• http://www.securitytracker.com/id/1029920
• CWE-399: Resource Management Errors
CVE-2014-1213
https://notcve.org/view.php?id=CVE-2014-1213
Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof "ready for update" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects.
• http://osvdb.org/102762
• http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.html
• http://seclists.org/fulldisclosure/2014/Feb/1
• http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213
• http://www.securityfocus.com/archive/1/530915/100/0/threaded
• http://www.securityfocus.com/bid/65286
• http://www.securitytracker.com/id/1029713
• http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-5932
https://notcve.org/view.php?id=CVE-2013-5932
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.
• http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released
• http://secunia.com/advisories/54881
• http://www.securitytracker.com/id/1029039
CVE-2013-4984 – Sophos Web Protection Appliance - clear_keys.pl Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-4984
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
• https://www.exploit-db.com/exploits/28332
• https://www.exploit-db.com/exploits/28175
• http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities
• http://www.sophos.com/en-us/support/knowledgebase/119773.aspx
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
• CWE-264: Permissions, Privileges, and Access Controls