| CVE ID | CVE-2014-2849 |
| CVSS SCORE | 8.5, AV:N/AC:M/Au:S/C:C/I:C/A:C |
| AFFECTED VENDORS |
Sophos |
| AFFECTED PRODUCTS |
Web Appliance |
| VULNERABILITY DETAILS |
The specific flaws exist within the change_password and netinterface functions of the web appliance. The first flaw will allow for an unprivileged user to change the admin's password and a remote code execution vulnerability exists when updating the network interface. This allows for an attacker to execute under root privileges. |
| ADDITIONAL DETAILS |
Sophos has issued an update to correct this vulnerability. More details can be found at:
http://www.sophos.com/en-us/support/knowledgebase/120230.aspx |
| DISCLOSURE TIMELINE |
|
| CREDIT | Brandon Perry |
