CVE-2016-9553

Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection

Severity Score

7.2

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258.

La Sophos Web Appliance (versión 4.2.1.3) es vulnerable a dos vulnerabilidades de inyección de comandos remotos que afectan a su interfaz web administrativa. Estas vulnerabilidades ocurren en el componente MgrReport.php (/controllers/MgrReport.php) responsable de bloquear y desbloquear direcciones de IP de acceder al dispositivo. El dispositivo no escapa adecuadamente la información pasada en las variables 'unblockip' y 'blockip' antes de llamar a la función shell_exec() lo que permite que se inyecten comandos del sistema en el dispositivo. El código sugiere erróneamente que la información manejada está protegida utilizando el nombre de variable 'escapedips' - sin embargo éste no es el caso. El ID Sophos es NSWA-1258.

Sophos Web Appliance version 4.2.1.3 is vulnerable to two remote command injection vulnerabilities.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-11-22 CVE Reserved
2016-12-12 First Exploit
2017-01-28 CVE Published
2024-08-06 CVE Updated
2024-08-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CAPEC

References (5)

URL	Tag	Source
http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.html	Release Notes
http://www.securityfocus.com/bid/95853	Third Party Advisory
https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1	Release Notes

URL	Date	SRC
https://www.exploit-db.com/exploits/41413	2016-12-12
http://pastebin.com/DUYuN0U5	2024-08-06

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sophos Search vendor "Sophos"		Web Appliance Search vendor "Sophos" for product "Web Appliance"				4.2.1.3 Search vendor "Sophos" for product "Web Appliance" and version "4.2.1.3"		-		Affected