CVE-2013-2642

2014-03-1817:02:51

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.012

Percentile

85.2%

JSON

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.

Affected configurations

Nvd

Node

sophosweb_appliance_firmwareRange≤3.7.8.1

AND

sophosweb_applianceMatch-

VendorProductVersionCPE
sophosweb_appliance_firmware*cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*
sophosweb_appliance-cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sophos	web_appliance_firmware	*	cpe:2.3:o:sophos:web_appliance_firmware::::::::
sophos	web_appliance	-	cpe:2.3:h:sophos:web_appliance:-:::::::*