Detections
Analytics

Sophos Web Appliance < 4.3.1.2 Multiple Vulnerabilities

critical Nessus Plugin ID 99237

Language:

Synopsis

The remote host is running a web application that is affected by multiple vulnerabilities.

Description

According to its self-reported build number, the Sophos Web Appliance running on the remote host is prior to 4.3.1.2. It is, therefore, affected by following vulnerabilities :

 - A remote command injection vulnerability exists due to a failure in certain functions to properly sanitize input upon submission to reports. An authenticated, remote attacker can exploit this to inject arbitrary commands.
 (CVE-2017-6182)

 - A remote command injection vulnerability exists due to improper handling of parameters in the active directory configuration. An authenticated, remote attacker can exploit this to inject arbitrary commands.
 (CVE-2017-6183)

 - A remote command injection vulnerability exists due to a failure to properly sanitize input passed via the 'token' parameter upon submission to reports. An authenticated, remote attacker can exploit this to inject arbitrary commands. (CVE-2017-6184)

 - An authentication bypass vulnerability exists due to the use of static session IDs. An unauthenticated, remote attacker can exploit this to bypass authentication.
 (CVE-2017-6412)

 - A remote command injection vulnerability exists due to a failure to properly sanitize unspecified HTTP request parameters upon submission to reports. An authenticated, remote attacker can exploit this to execute arbitrary commands.

Solution

Upgrade to Sophos Web Appliance version 4.3.1.2 or later.

See Also

http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html

http://www.nessus.org/u?10940469

Plugin Details

Severity: Critical

ID: 99237

File Name: sophos_web_appliance_wsa_build_2678661.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 4/6/2017

Updated: 11/13/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-6182

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sophos:web_appliance

Required KB Items: Settings/ParanoidReport, installed_sw/sophos_web_protection

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/16/2017

Vulnerability Publication Date: 3/16/2017

Exploitable With

Elliot (Sophos Web Protection Appliance Reports RCE)

Reference Information

CVE: CVE-2017-6182, CVE-2017-6183, CVE-2017-6184, CVE-2017-6412

BID: 97261