Multiple vulnerabilities in Sophos Web Appliance

Описание

Multiple critical vulnerabilities have been found in Sophos Web Appliance. Malicious users can exploit these vulnerabilities to execute arbitrary commands or change admin password. Below is a complete list of vulnerabilities

1. Vectors related to the netinterface configuration page can be exploited remotely via a specially designed address parameter;
2. Vectors related to the change password dialog can be exploited remotely via a specially designed request.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Sophos-Web-Appliance

Список CVE

• CVE-2014-2849
  high
• CVE-2014-2850
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com