CVE-2014-2850

high

Description

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-069/

http://www.sophos.com/en-us/support/knowledgebase/120230.aspx

http://www.securityfocus.com/bid/66734

http://secunia.com/advisories/57706

Details

Source: Mitre, NVD

Published: 2014-04-11

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H