Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2013-2642
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-18 Mar, 2014 | 17:02
Updated At-06 May, 2026 | 22:30

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Sophos Ltd.
sophos
>>web_appliance_firmware>>Versions up to 3.7.8.1(inclusive)
cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*
Sophos Ltd.
sophos
>>web_appliance>>-
cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.sophos.com/en-us/support/knowledgebase/118969.aspxcve@mitre.org
Vendor Advisory
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txtcve@mitre.org
Exploit
http://www.sophos.com/en-us/support/knowledgebase/118969.aspxaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://www.sophos.com/en-us/support/knowledgebase/118969.aspx
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.sophos.com/en-us/support/knowledgebase/118969.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Change History
0Changes found
Details not found