CVE-2013-4984

Published Sep 10, 2013
Last updated 8 years ago
CVSS info 7.2
Overview

Description: The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-264
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9CB925A-27AD-4E9C-ABCE-9052460B8670",
            "versionEndIncluding": "3.7.9"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E72AFE09-C005-4C58-89E4-95EC329E1456"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBD8C41B-38D1-4443-BB4A-0BDBF1419B91"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F11B1311-687B-4CFD-A1DF-74F42C11CB03"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38EF1D57-81D6-4E1A-8597-2D505EEB113E"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "936C0962-08DB-4C2F-8656-4948E2E9DAF1"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84AE2D52-1C27-46BE-87CC-C32E74CBCE12"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1160E50-C123-4091-9215-8793999FE1F9"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.0.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18F26B00-B087-445F-9453-AA6F4EEBD9C2"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67548C4C-C928-4E8A-BD7A-FDAFBBBA20E2"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9ADEA7FD-8CBB-4979-891A-78E2AEB32149"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16FD5529-F951-465D-9B5C-3AA7EA038F03"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4993820-1ED0-41A3-9A88-AB3AB0CB46AE"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9B92DA3-55E3-4A60-AFA9-1CB9A3696892"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BA52349-778B-47EF-BEE7-831EA810C5C6"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "941BB190-EFA2-4476-BC6D-173272E92BBF"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7B7E5D5-92D2-4F0B-91A0-CD9B20A4A1A2"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1884CAE7-F593-40A1-8ABA-F41A341231DF"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38A6DDDE-470F-4F8D-AF46-333E1A5C52E9"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C425B54A-406A-4D0C-88E1-AEFA1772DD4C"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DE9E620-5FFA-4756-BE2E-EBA71D2483D3"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC4DC81C-657A-4F2C-979D-7BFCAF8DC9DE"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41D0F267-E6CA-4064-912E-F5284DEA5B78"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6728269D-1529-4048-9980-5B58FD3F47D2"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5282B986-2470-4B37-8051-0F0BB38F757D"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3E14CA5-9CAB-4859-8ED9-2654BB755A17"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BD9DC4D-1A56-478D-A82E-1136A053338D"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52F88C47-E8B0-4A43-9729-BA9B8D02D20D"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A46534C-2EF3-4167-9577-B4F439D28270"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC925B44-DEB3-4509-8872-92302BAE87D1"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9D00352-D5D7-4762-8941-33283A0BF54C"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91CA8948-2D0E-4DF7-B144-6D22E6C4733E"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12EE64AD-287A-4E7C-9E4D-125328EA17A2"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C01801C1-0851-4871-B46C-59E29930C46A"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "936E37EF-D6F3-4E10-B55E-D098F564CA8A"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "324DDE13-04D8-4FEB-A30E-7B97C88E65F8"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F778DA33-8C98-4E05-9462-A311677F28F8"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09C6014D-06AD-4B24-AD1C-B4DF85F7116C"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91C780C2-77B2-4B22-8E70-33BC5A265D3A"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C322B75-E0FF-43F6-B98A-4932C3963DBD"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DA0FCD5-BE10-4C06-99C9-383DD8320A40"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A2741E9-9BEA-453F-A3C4-73185E8CE8F2"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C414A114-7A2A-46EC-AA2D-313E5807F4C2"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFCF1E94-D363-4D76-ABA7-14961FD7C284"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB5DDB6C-87B0-46DD-BB6F-FE2CF182C15F"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.5.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BFB4121-D4DE-4408-98A3-75F0130B77D2"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "028DC0E3-D477-441A-8BBF-0D845EC121B5"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6781185-BE24-43ED-9D30-D20E8BCC3065"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C75BA518-EDA7-472E-8076-4839E8F87E4A"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C09E0682-3627-4895-B9A2-058548C3E0F7"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0CD24FB-761D-4DC9-B56F-AD0F41475FAF"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35D35162-2FEF-45CB-99AF-B0606BEA72EA"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD27E74E-7698-4277-BFE8-E065914A5034"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5073E62-8F6B-49BD-9E8E-C4B47DD02A9A"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E80BE71D-8AA6-4304-A87B-1905D8468556"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2E0BD9F-0745-4F26-B198-28C83946BA0A"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A40A529-E944-4FDB-A88C-9AEFBA067010"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB5CF2F8-D3FB-4B2C-A031-B6B56A89A044"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC137078-0619-4167-8037-64CE1A2F4286"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D76F093E-1666-4DB3-8933-BE75CDB4E1A9"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9FEB8B8-6EB3-4814-B213-983B3B8F577E"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B3BCA7A-BF09-46FA-8922-6BAA5F1F76AA"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.6.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6951182E-D6AD-416B-9C57-11C08045978B"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DC68B7-4939-439F-9DFC-B47EF0993156"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88EBB0D5-F4DA-407E-B1BA-4DE53DA2043D"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BDF11D9-ADEF-4C4C-B09F-425C28FC5363"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81A8F610-7B4F-4802-8BEB-BEE5AC45D4CB"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFC38B5D-4FF5-4428-87D5-F7DA82EFFCC7"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1AF9BE6-C8E1-44C5-8176-FB64DFCEB3DB"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DBC7DE7-B772-45DE-934C-A131114544BD"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91162663-4E48-4BF7-B6BF-1DBB67878D95"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA35A488-2057-42B1-9570-6D122C1BBC1C"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23444EF3-308E-42A0-9578-EB2E0D2E5D38"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.7.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "773225D2-B6F6-4983-8BBE-169E6D5984C2"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E599CAD-00A6-46A3-8CF9-30562D42651B"
          },
          {
            "criteria": "cpe:2.3:a:sophos:web_appliance:3.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BB74E3E-1378-4FD0-B4B4-DA56EB0C12EC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
