Multiple vulnerabilities in Sophos UTM

Posted: November 20, 2012 in Vulnerabilities
Tags: Cross-site scripting, Sophos UTM, system compromise

Vulnerabilities in Sophos

Vulnerability: Multiple vulnerabilities in Sophos UTM

Danger: High
Patch: Yes
Number of vulnerabilities: 2

CVE ID: CVE-2012-5671
Vector of operation: Remote
Impact: Cross Site Scripting, system compromise

Affected products: Sophos UTM 9.x

Affected versions: Sophos UTM version to 9.004.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

1. More about the vulnerability you can see here:
https://malwarelist.wordpress.com/2012/11/06/buffer-overflow-in-exim/

2. The vulnerability is caused due to insufficient input validation in the login screen in “Last Webadmin Sessions”. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Manufacturer URL: http://www.sophos.com/en-us/products/unified/utm.aspx

Solution: Install the latest version 9.004 from the manufacturer.

links:

http://www.astaro.com/blog/up2date/UTM9004

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook