|CVSS SCORE||8.5, (AV:N/AC:M/Au:S/C:C/I:C/A:C)|
The specific flaws exist within the change_password and netinterface functions of the web appliance. The first flaw will allow for an unprivileged user to change the admin's password and a remote code execution vulnerability exists when updating the network interface. This allows for an attacker to execute under root privileges.
Sophos has issued an update to correct this vulnerability. More details can be found at: