Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Netsweeper | Netsweeper | * | 3.1.9 (including) |
| Netsweeper | Netsweeper | 4.0.0 (including) | 4.0.0 (including) |
| Netsweeper | Netsweeper | 4.0.1 (including) | 4.0.1 (including) |
| Netsweeper | Netsweeper | 4.0.2 (including) | 4.0.2 (including) |
| Netsweeper | Netsweeper | 4.0.3 (including) | 4.0.3 (including) |
| Netsweeper | Netsweeper | 4.0.4 (including) | 4.0.4 (including) |
| Netsweeper | Netsweeper | 4.0.5 (including) | 4.0.5 (including) |
| Netsweeper | Netsweeper | 4.0.6 (including) | 4.0.6 (including) |
| Netsweeper | Netsweeper | 4.0.7 (including) | 4.0.7 (including) |
| Netsweeper | Netsweeper | 4.0.8 (including) | 4.0.8 (including) |
| Netsweeper | Netsweeper | 4.1.0 (including) | 4.1.0 (including) |
| Netsweeper | Netsweeper | 4.1.1 (including) | 4.1.1 (including) |