KLA10336
Multiple vulnerabilities in Sophos Web Appliance

Multiple critical vulnerabilities have been found in Sophos Web Appliance. Malicious users can exploit these vulnerabilities to execute arbitrary commands or change admin password. Below is a complete list of vulnerabilities

1. Vectors related to the netinterface configuration page can be exploited remotely via a specially designed address parameter;
2. Vectors related to the change password dialog can be exploited remotely via a specially designed request.

Sophos Web Appliance versions 3.8.1.1 and earlier

Update to latest version

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/32789

https://www.exploit-db.com/exploits/32789