Privilege escalation in Sophos UTM

Published: 2018-03-06 15:48:03
Severity: Low
Patch available: Yes
Number of vulnerabilities: 1
CVE ID: N/A
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Sophos UTM
Vulnerable software versions: Sophos UTM 9.503, Sophos UTM 9.410
Vendor URL: Sophos

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote authenticated attacker can access the 'confd' service via the localhost interface to obtain a session token, and then use that session token to submit a specially crafted request over the network to '/webadmin.plx' to set the root password.

Remediation

Update to version 9.508.

External links

https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-508-r...
