CVE-2014-2850 Information

Description

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

Reference

http://secunia.com/advisories/57706 http://www.exploit-db.com/exploits/32789 http://www.securityfocus.com/bid/66734 http://www.sophos.com/en-us/support/knowledgebase/120230.aspx http://www.zerodayinitiative.com/advisories/ZDI-14-069/