What is CVE-2017-6184?

CVE-2017-6184 is a medium-severity vulnerability in Sophos Web_appliance, classified under Command Injection. CVSS score: 4.7/10. Published 2017-03-30.

How severe is CVE-2017-6184?

Medium severity. CVSS v3 base score is 4.7 out of 10.

RCE in Sophos Web_appliance

CVE-2017-6184

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.012 (79.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.

Affected products

Sophos Web_appliance
N/a — versions n/a

Weakness classification (CWE)

CWE-77 — Command Injection

References

cve@mitre.org (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-6184?: CVE-2017-6184 is a medium-severity vulnerability in Sophos Web_appliance, classified under Command Injection. CVSS score: 4.7/10. Published 2017-03-30.
How severe is CVE-2017-6184?: Medium severity. CVSS v3 base score is 4.7 out of 10.