Xort

**Name of the Vulnerable Software and Affected Versions** Barracuda Load Balancer versions prior to 6.1.0.003 **Description** A remote command injection issue exists, allowing an authenticated user to execute arbitrary shell commands and gain root privileges. This issue arises from unsanitized data being processed in a system call when the `delete assessment` command is issued. **Recommendations** For versions prior to 6.1.0.003, update to version 6.1.0.003 or later to resolve the issue. As a temporary workaround, consider restricting access to the `delete assessment` command until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Sophos Web Appliance versions prior to 4.3.1.2 **Description** A section of the machine's interface in Sophos Web Appliance, responsible for generating reports, was found to be vulnerable to remote command injection via functions. **Recommendations** For versions prior to 4.3.1.2, update to version 4.3.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SonicWall Secure Remote Access server version 8.1.0.2-14sv **Description** The issue is related to the `viewcert` CGI component in the web administrative interface, specifically the `/cgi-bin/viewcert` API endpoint. It is caused by a lack of input sanitization, allowing an attacker to inject commands remotely using the `CERT` variable. This can lead to the execution of arbitrary commands, resulting in shell access to the remote machine under the nobody user account. **Recommendations** For version 8.1.0.2-14sv, consider disabling the `viewcert` CGI component or restricting access to the `/cgi-bin/viewcert` API endpoint until a patch is available. Avoid using the `CERT` variable in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 **Description** The issue exists due to insufficient input validation in the management interface component of Citrix NetScaler SD-WAN. This allows a remote attacker to execute arbitrary shell commands with root privileges by using a `CGISESSID` cookie. On CloudBridge devices, which were formerly known as NetScaler SD-WAN, the cookie name used was `CAKEPHP` instead of `CGISESSID`. **Recommendations** For Citrix NetScaler SD-WAN devices through v9.1.2.26.561201, consider disabling the use of `CGISESSID` cookies or restricting access to the management interface as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sophos Web Appliance version 4.2.1.3 **Description** The issue affects the web administrative interface of the Sophos Web Appliance, specifically in the MgrReport.php component, which handles blocking and unblocking IP addresses. The problem arises from the improper escaping of information passed in the `unblockip` and `blockip` variables before they are used in the shell exec() function, allowing system commands to be injected. This occurs despite the variable name `escapedips` suggesting protection. **Recommendations** For Sophos Web Appliance version 4.2.1.3, as a temporary workaround, consider restricting access to the MgrReport.php component, specifically the /controllers/MgrReport.php endpoint, to minimize the risk of exploitation. Avoid using the `unblockip` and `blockip` variables in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sophos Web Appliance Remote / Secure Web Gateway version 4.2.1.3 **Description** The issue arises from a Remote Command Injection vulnerability in the web administrative interface, specifically in the MgrDiagnosticTools.php component. This vulnerability occurs due to improper escaping of the `url` variable before it is passed to the `executeCommand` class function, which calls `exec()` with unsanitized user input. The vulnerable page is accessed through the administrative interface by a command passed in the `section` parameter, specifically the 'configuration' command. Exploitation of this issue can yield shell access to the remote machine under the 'spiderman' user account. **Recommendations** For Sophos Web Appliance Remote / Secure Web Gateway version 4.2.1.3, as a temporary workaround, consider disabling access to the MgrDiagnosticTools.php page or restricting the use of the `executeCommand` function until a patch is available. Additionally, avoid using the 'configuration' command in the administrative interface that leads to the vulnerable page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.