CVE-2013-4984 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2013-4984?

CVE-2013-4984 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4984?

Check the references section above for vendor advisories and patch information. Affected products include: Sophos Web Appliance.

Vulnerability Description

The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Sophos	Web Appliance	<= 3.7.9

Related Weaknesses (CWE)

CWE-78 CWE-264

References

http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-ExploitTechnical DescriptionVendor Advisory
http://www.sophos.com/en-us/support/knowledgebase/119773.aspxBroken Link
http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-ExploitTechnical DescriptionVendor Advisory
http://www.sophos.com/en-us/support/knowledgebase/119773.aspxBroken Link

FAQ

What is CVE-2013-4984?

CVE-2013-4984 is a vulnerability with a CVSS score of 7.2 (HIGH). The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second ...

How severe is CVE-2013-4984?

CVE-2013-4984 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4984?

Check the references section above for vendor advisories and patch information. Affected products include: Sophos Web Appliance.