Detections
Analytics

Sophos Web Protection Appliance Multiple Vulnerabilities

critical Nessus Plugin ID 70142

Language:

Synopsis

The remote host is running a web application that is affected by multiple vulnerabilities.

Description

The Sophos Web Protection application running on the remote host is affected by multiple vulnerabilities :

 - A remote command execution vulnerability exists in the /opt/ws/bin/sblistpack Perl script due to improper sanitization of user-supplied input when the 'action' parameter is set to 'continue' and the 'args_reason' parameter is set to anything other than 'filetypewarn'.
 An unauthenticated, remote attacker can exploit this by sending a specially crafted request to the /end-user/index.php script, resulting in the execution of arbitrary commands subject to the privileges of the 'spiderman' user id. (CVE-2013-4983)

 - A privilege escalation vulnerability exists in the close_connections() function in the clear_keys.pl script due to a failure to properly escape second arguments. A local attacker can exploit this to escalate privileges.
 (CVE-2013-4984)

Note that the application is reportedly affected by a cross-site scripting vulnerability; however, this plugin has not tested for it.

Solution

Upgrade to Sophos Web Protection Appliance version 3.7.9.1 / 3.8.1.1 or later.

See Also

http://www.nessus.org/u?e2867f81

http://www.nessus.org/u?6d3b1f2b

Plugin Details

Severity: Critical

ID: 70142

File Name: sophos_web_protection_command_injection.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 9/26/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sophos:web_appliance, x-cpe:/a:sophos:sophos_web_protection

Required KB Items: installed_sw/sophos_web_protection

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 9/6/2013

Vulnerability Publication Date: 9/6/2013

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation)

Elliot (Sophos Web Protection Appliance 3.8.1 RCE)

Reference Information

CVE: CVE-2013-4983, CVE-2013-4984

BID: 62263, 62265