Lucene search
MitreCVE-2013-4984HistorySep 10, 2013 - 11:28 a.m.
CVE-2013-4984
2013-09-1011:28:41
CWE-264
CWE-78
mitre
web.nvd.nist.gov
37
sophos
web appliance
privilege escalation
clear_keys.pl
cve-2013-4984
nvd
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.4
Confidence
Low
EPSS
0.005
Percentile
75.9%
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Affected configurations
Node
sophosweb_applianceRange≤3.7.9
ORsophosweb_applianceMatch3.0.0
ORsophosweb_applianceMatch3.0.1
ORsophosweb_applianceMatch3.0.1.1
ORsophosweb_applianceMatch3.0.2
ORsophosweb_applianceMatch3.0.3
ORsophosweb_applianceMatch3.0.4
ORsophosweb_applianceMatch3.0.5
ORsophosweb_applianceMatch3.0.5.1
ORsophosweb_applianceMatch3.1.0
ORsophosweb_applianceMatch3.1.0.1
ORsophosweb_applianceMatch3.1.1
ORsophosweb_applianceMatch3.1.2
ORsophosweb_applianceMatch3.1.3
ORsophosweb_applianceMatch3.1.4
ORsophosweb_applianceMatch3.2.1
ORsophosweb_applianceMatch3.2.2
ORsophosweb_applianceMatch3.2.2.1
ORsophosweb_applianceMatch3.2.3
ORsophosweb_applianceMatch3.2.4
ORsophosweb_applianceMatch3.2.5
ORsophosweb_applianceMatch3.2.6
ORsophosweb_applianceMatch3.2.7
ORsophosweb_applianceMatch3.3.0
ORsophosweb_applianceMatch3.3.1
ORsophosweb_applianceMatch3.3.2
ORsophosweb_applianceMatch3.3.3
ORsophosweb_applianceMatch3.3.3.1
ORsophosweb_applianceMatch3.3.4
ORsophosweb_applianceMatch3.3.5
ORsophosweb_applianceMatch3.3.5.1
ORsophosweb_applianceMatch3.3.6
ORsophosweb_applianceMatch3.3.6.1
ORsophosweb_applianceMatch3.4.0
ORsophosweb_applianceMatch3.4.1
ORsophosweb_applianceMatch3.4.2
ORsophosweb_applianceMatch3.4.3
ORsophosweb_applianceMatch3.4.3.1
ORsophosweb_applianceMatch3.4.4
ORsophosweb_applianceMatch3.4.5
ORsophosweb_applianceMatch3.4.6
ORsophosweb_applianceMatch3.4.7
ORsophosweb_applianceMatch3.4.8
ORsophosweb_applianceMatch3.5.0
ORsophosweb_applianceMatch3.5.1
ORsophosweb_applianceMatch3.5.1.1
ORsophosweb_applianceMatch3.5.1.2
ORsophosweb_applianceMatch3.5.2
ORsophosweb_applianceMatch3.5.3
ORsophosweb_applianceMatch3.5.4
ORsophosweb_applianceMatch3.5.5
ORsophosweb_applianceMatch3.5.6
ORsophosweb_applianceMatch3.6.1
ORsophosweb_applianceMatch3.6.1.1
ORsophosweb_applianceMatch3.6.2
ORsophosweb_applianceMatch3.6.2.1
ORsophosweb_applianceMatch3.6.2.3
ORsophosweb_applianceMatch3.6.2.4.0
ORsophosweb_applianceMatch3.6.2.4.1
ORsophosweb_applianceMatch3.6.3
ORsophosweb_applianceMatch3.6.4
ORsophosweb_applianceMatch3.6.4.1
ORsophosweb_applianceMatch3.6.4.2
ORsophosweb_applianceMatch3.7.0
ORsophosweb_applianceMatch3.7.1
ORsophosweb_applianceMatch3.7.2
ORsophosweb_applianceMatch3.7.3
ORsophosweb_applianceMatch3.7.4
ORsophosweb_applianceMatch3.7.5
ORsophosweb_applianceMatch3.7.6
ORsophosweb_applianceMatch3.7.7
ORsophosweb_applianceMatch3.7.8
ORsophosweb_applianceMatch3.7.8.1
ORsophosweb_applianceMatch3.7.8.2
ORsophosweb_applianceMatch3.8.0
ORsophosweb_applianceMatch3.8.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sophos | web_appliance | * | cpe:2.3:a:sophos:web_appliance:*:*:*:*:*:*:*:* |
| sophos | web_appliance | 3.0.0 | cpe:2.3:a:sophos:web_appliance:3.0.0:*:*:*:*:*:*:* |
| sophos | web_appliance | 3.0.1 | cpe:2.3:a:sophos:web_appliance:3.0.1:*:*:*:*:*:*:* |
| sophos | web_appliance | 3.0.1.1 | cpe:2.3:a:sophos:web_appliance:3.0.1.1:*:*:*:*:*:*:* |
| sophos | web_appliance | 3.0.2 | cpe:2.3:a:sophos:web_appliance:3.0.2:*:*:*:*:*:*:* |
| sophos | web_appliance | 3.0.3 | cpe:2.3:a:sophos:web_appliance:3.0.3:*:*:*:*:*:*:* |
| sophos | web_appliance | 3.0.4 | cpe:2.3:a:sophos:web_appliance:3.0.4:*:*:*:*:*:*:* |
| sophos | web_appliance | 3.0.5 | cpe:2.3:a:sophos:web_appliance:3.0.5:*:*:*:*:*:*:* |
| sophos | web_appliance | 3.0.5.1 | cpe:2.3:a:sophos:web_appliance:3.0.5.1:*:*:*:*:*:*:* |
| sophos | web_appliance | 3.1.0 | cpe:2.3:a:sophos:web_appliance:3.1.0:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
Sophos Web Protection Appliance - clear_keys.pl Privilege Escalation (Metasploit)
2013-09-17 00:00:00
Sophos Web Protection Appliance - Multiple Vulnerabilities
2013-09-09 00:00:00
cvelist
cvelist
CVE-2013-4984
2013-09-10 10:00:00
packetstorm
packetstorm
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection
2013-09-07 00:00:00
metasploit
metasploit
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
2013-09-10 04:27:24
prion
prion
Design/Logic Flaw
2013-09-10 11:28:00
nvd
nvd
CVE-2013-4984
2013-09-10 11:28:41
zdt
zdt
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection Vulnerability
2013-09-07 00:00:00
coresecurity
coresecurity
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-06 00:00:00
seebug
seebug
Sophos Web Protection Appliance - Multiple Vulnerabilities
2014-07-01 00:00:00
securityvulns
securityvulns
[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-11 00:00:00
Sophos Web Protection Appliance code execution
2013-09-11 00:00:00
openvas
openvas
nessus
nessus
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-26 00:00:00
exploitpack
exploitpack
Sophos Web Protection Appliance - Multiple Vulnerabilities
2013-09-09 00:00:00
dsquare
dsquare
Sophos Web Protection Appliance 3.8.1 RCE
2013-09-10 00:00:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.4
Confidence
Low
EPSS
0.005
Percentile
75.9%
Related for CVE-2013-4984