
Vulnerabilities in Sophos
Vulnerability: Multiple vulnerabilities in Sophos UTM
Danger: High
Patch: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2012-5671
Attack vector: Remote
Impact: Cross Site Scripting, system compromise
Affected products: Sophos UTM 9.x
Affected versions: Sophos UTM versions up to 9.004.
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
1. More details on this vulnerability are available here:
https://malwarelist.wordpress.com/2012/11/06/buffer-overflow-in-exim/
2. The vulnerability is caused by insufficient input validation in the login screen in “Last Webadmin Sessions”. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
Manufacturer URL: http://www.sophos.com/en-us/products/unified/utm.aspx
Solution: Install the latest version 9.004 from the manufacturer.