CVE-2017-6184

Name of the Vulnerable Software and Affected Versions Sophos Web Appliance versions prior to 4.3.1.2

Description The issue concerns a remote command injection vulnerability in a section of the machine's interface responsible for generating reports. This vulnerability can be exploited via the token parameter.

Recommendations For versions prior to 4.3.1.2, update to version 4.3.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the report generation interface to minimize the risk of exploitation. Avoid using the token parameter in the affected interface until the issue is resolved.