CVE Vulnerabilities

CVE-2014-9605

Improper Authentication

Published: Sep 04, 2015 | Modified: Feb 01, 2019
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 9.4 HIGH (AV:N/AC:L/Au:N/C:C/I:N/A:C)

WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name       | Vendor     | Start Version     | End Version
Netsweeper | Netsweeper | 3.1.0 (including) | 3.1.10 (excluding)
Netsweeper | Netsweeper | 4.0.0 (including) | 4.0.9 (excluding)
Netsweeper | Netsweeper | 4.1.0 (including) | 4.1.2 (excluding)
