Kaspersky Threats

Solutions for:

Kaspersky ID:

KLA10336

Detect Date:

04/11/2014

Updated:

09/26/2023

Description

Multiple critical vulnerabilities have been found in Sophos Web Appliance. Malicious users can exploit these vulnerabilities to execute arbitrary commands or change admin password. Below is a complete list of vulnerabilities

Vectors related to the netinterface configuration page can be exploited remotely via a specially designed address parameter;
Vectors related to the change password dialog can be exploited remotely via a specially designed request.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

CVE list

CVE-2014-2849
critical
CVE-2014-2850
critical

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Kaspersky ID:

KLA10336

Detect Date:

04/11/2014

Updated:

09/26/2023

Severity

critical

Solution

Update to latest version

Impacts

ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected products

Sophos Web Appliance versions 3.8.1.1 and earlier

Kaspersky Next

Let’s go Next: redefine your business’s cybersecurity

Learn more

New Kaspersky!

Your digital life deserves complete protection!

Learn more

Confirm changes?

Your message has been sent successfully.

Multiple vulnerabilities in Sophos Web Appliance

Description

Original advisories

Exploitation

Related products

CVE list

Read more