Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:SOPHOS-WEBAPP-CMDEXEC |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Sophos Web Appliance SophosConfig Arbitrary Command Execution (HTTP) |
Release Date |
2014/05/21 |
Update Number |
2376 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Sophos Web Appliance SophosConfig Arbitrary Command Execution (HTTP)
This signature detects attempts to exploit a known vulnerability in Sophos Web Appliance. A successful attack could allow the attacker to execute arbitrary commands with elevated privileges.
Extended Description
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
Affected Products
- Sophos web_appliance -
- Sophos web_appliance_firmware 3.0.0
- Sophos web_appliance_firmware 3.0.1
- Sophos web_appliance_firmware 3.0.1.1
- Sophos web_appliance_firmware 3.0.2
- Sophos web_appliance_firmware 3.0.3
- Sophos web_appliance_firmware 3.0.4
- Sophos web_appliance_firmware 3.0.5
- Sophos web_appliance_firmware 3.0.5.1
- Sophos web_appliance_firmware 3.1.0
- Sophos web_appliance_firmware 3.1.0.1
- Sophos web_appliance_firmware 3.1.1
- Sophos web_appliance_firmware 3.1.2
- Sophos web_appliance_firmware 3.1.3
- Sophos web_appliance_firmware 3.1.4
- Sophos web_appliance_firmware 3.2.1
- Sophos web_appliance_firmware 3.2.2
- Sophos web_appliance_firmware 3.2.2.1
- Sophos web_appliance_firmware 3.2.3
- Sophos web_appliance_firmware 3.2.4
- Sophos web_appliance_firmware 3.2.5
- Sophos web_appliance_firmware 3.2.6
- Sophos web_appliance_firmware 3.2.7
- Sophos web_appliance_firmware 3.3.0
- Sophos web_appliance_firmware 3.3.1
- Sophos web_appliance_firmware 3.3.2
- Sophos web_appliance_firmware 3.3.3
- Sophos web_appliance_firmware 3.3.3.1
- Sophos web_appliance_firmware 3.3.4
- Sophos web_appliance_firmware 3.3.5
- Sophos web_appliance_firmware 3.3.5.1
- Sophos web_appliance_firmware 3.3.6
- Sophos web_appliance_firmware 3.3.6.1
- Sophos web_appliance_firmware 3.4.0
- Sophos web_appliance_firmware 3.4.1
- Sophos web_appliance_firmware 3.4.2
- Sophos web_appliance_firmware 3.4.3
- Sophos web_appliance_firmware 3.4.3.1
- Sophos web_appliance_firmware 3.4.4
- Sophos web_appliance_firmware 3.4.5
- Sophos web_appliance_firmware 3.4.6
- Sophos web_appliance_firmware 3.4.7
- Sophos web_appliance_firmware 3.4.8
- Sophos web_appliance_firmware 3.5.0
- Sophos web_appliance_firmware 3.5.1
- Sophos web_appliance_firmware 3.5.1.1
- Sophos web_appliance_firmware 3.5.1.2
- Sophos web_appliance_firmware 3.5.2
- Sophos web_appliance_firmware 3.5.3
- Sophos web_appliance_firmware 3.5.4
- Sophos web_appliance_firmware 3.5.5
- Sophos web_appliance_firmware 3.5.6
- Sophos web_appliance_firmware 3.6.1
- Sophos web_appliance_firmware 3.6.1.1
- Sophos web_appliance_firmware 3.6.2
- Sophos web_appliance_firmware 3.6.2.1
- Sophos web_appliance_firmware 3.6.2.3
- Sophos web_appliance_firmware 3.6.2.4.0
- Sophos web_appliance_firmware 3.6.2.4.1
- Sophos web_appliance_firmware 3.6.3
- Sophos web_appliance_firmware 3.6.4
- Sophos web_appliance_firmware 3.6.4.1
- Sophos web_appliance_firmware 3.6.4.2
- Sophos web_appliance_firmware 3.7.0
- Sophos web_appliance_firmware 3.7.1
- Sophos web_appliance_firmware 3.7.2
- Sophos web_appliance_firmware 3.7.3
- Sophos web_appliance_firmware 3.7.4
- Sophos web_appliance_firmware 3.7.5
- Sophos web_appliance_firmware 3.7.6
- Sophos web_appliance_firmware 3.7.7
- Sophos web_appliance_firmware 3.7.8
- Sophos web_appliance_firmware 3.7.8.1
- Sophos web_appliance_firmware 3.7.8.2
- Sophos web_appliance_firmware 3.7.9
- Sophos web_appliance_firmware 3.7.9.1
- Sophos web_appliance_firmware 3.8.0
- Sophos web_appliance_firmware 3.8.1
- Sophos web_appliance_firmware 3.8.1.1
References
- BugTraq: 66734
- CVE: CVE-2014-2850