CVE ID | CVE-2014-2849 |
CVSS SCORE | 8.5, AV:N/AC:M/Au:S/C:C/I:C/A:C |
AFFECTED VENDORS | Sophos |
AFFECTED PRODUCTS | Web Appliance |
VULNERABILITY DETAILS | The specific flaws exist within the change_password and netinterface functions of the web appliance. The first flaw allows an unprivileged user to change the admin's password. The second is a remote code execution vulnerability that exists when updating the network interface. This allows an attacker to execute code with root privileges. |
ADDITIONAL DETAILS | Sophos has issued an update to correct this vulnerability. More details can be found at: http://www.sophos.com/en-us/support/knowledgebase/120230.aspx |
DISCLOSURE TIMELINE |
|
CREDIT | Brandon Perry |