CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 2CVE-2016-9554 – Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection
https://notcve.org/view.php?id=CVE-2016-9554
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. • https://www.exploit-db.com/exploits/41414 http://pastebin.com/UB8Ye6ZU http://www.securityfocus.com/bid/95858 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 76EXPL: 3CVE-2013-4984 – Sophos Web Protection Appliance - clear_keys.pl Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-4984
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. La función close_connections en /opt/cma/bin/clear_keys.pl en Sophos Web Appliance anterior a v3.7.9.1 y v3.8 anterior a v3.8.1.1 permite a usuarios locales conseguir privilegios a través de metacaracteres de consola en el segundo argumento. • https://www.exploit-db.com/exploits/28332 https://www.exploit-db.com/exploits/28175 http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities http://www.sophos.com/en-us/support/knowledgebase/119773.aspx • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •