0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Sophos UTM 9.405-5 / 9.404-5 Information Disclosure Vulnerability
Author
Risk
[Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
Product: Sophos UTM Vendor: Sophos ltd. Internal reference: ? (Bug ID) Vulnerability type: Information Disclosure Vulnerable version: 9.405-5, 9.404-5 and possible other versions affected (not tested) Vulnerable component: Frontend Report confidence: yes Solution status: Not fixed by Vendor, no further responses from vendor. Fixed versions: - Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks Vendor notification: 2016-09-01 Solution date: - Public disclosure: 2016-09-30 CVE reference: CVE-2016-7397 CVSSv3: 6.7 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N Report timeline: 2016-09-01: Contacted Vendor, vendor acknowledged, no further response 2016-09-12: Contacted Vendor again, started to fix 2016-09-30: Contacted Vendor again, because there has been no response to our request and our initial told disclosing date, no response again. 2016-09-30: Public Disclosure. Vulnerability Details: The password is reflected to DOM and is readable through the "value" field of the SMTP user settings in notifications tab. You have to be authenticated to access the configuration tab. Risk: An attacker gets access to the configured mailbox. Because of Sophos UTM is a multi user system, this is a problem in bigger company environments with splitted admin rights. The surface scope is changed, because in bigger environments you are getting access to the configured mailbox, which results in an integrity loss. Steps to reproduce: See vulnerability details. -- Product: Sophos UTM Vendor: Sophos ltd. Internal reference: ? (Bug ID) Vulnerability type: Information Disclosure Vulnerable version: 9.405-5, 9.404-5 and possible other versions affected (not tested) Vulnerable component: Frontend Report confidence: ? Solution status: Not fixed by Vendor Fixed versions: - Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks Vendor notification: 2016-09-01 Solution date: - Public disclosure: 2016-10-01 CVE reference: CVE-2016-7442 CVSSv3: 6.7 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N Vulnerability Details: The password is reflected to DOM and is readable through the "value" field of the proxy user settings in the system settings / scan settings / anti spam. You have to be authenticated to access the configuration tab. Risk: An attacker gets access to the configured proxy user. Because of Sophos UTM is a multi user system, this is a problem in bigger company environments with splitted admin rights. The surface scope is changed, because in bigger environments you are getting access to the configured proxy user, which results in an privilege escalation. Steps to reproduce: See vulnerability details. # 0day.today [2024-09-19] #