CVE-2014-2850

Name of the Vulnerable Software and Affected Versions Sophos Web Appliance versions prior to 3.8.2

Description The issue concerns the network interface configuration page, where remote administrators can execute arbitrary commands by using shell metacharacters in the address parameter. This allows for unauthorized command execution.

Recommendations For versions prior to 3.8.2, update to version 3.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the network interface configuration page to minimize the risk of exploitation. Avoid using shell metacharacters in the address parameter until the issue is resolved.