{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T09:34:45.740","vulnerabilities":[{"cve":{"id":"CVE-2016-9554","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T12:59:00.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account."},{"lang":"es","value":"La Sophos Web Appliance Remote / Secure Web Gateway server (versión 4.2.1.3) es vulnerable a una vulnerabilidad de inyección de comandos remotos en su interfaz web administrativa. Estas vulnerabilidades ocurren en MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), en el componente responsable de realizar test diagnósticos con la utilidad wget de UNIX. La aplicación no escapa adecuadamente la información pasada en la variable 'url' antes de llamar a la función de la clase executeCommand ($this->dtObj->executeCommand). Esta función llama a exec() con entrada de usuario no desinfectada permitiendo inyección remota de comandos. A la página que contiene las vulnerabilidades, /controllers/MgrDiagnosticTools.php, se accede mediante un comando incorporado que responde a la interfaz administrativa. El comando que llama a la página vulnerable (pasado en el parámetro 'section') es: 'configuration'. La explotación de esta vulnerabilidad da acceso shell a la máquina remota bajo la cuenta de usuario 'spiderman'."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:web_appliance:4.2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0F4F4AA-F2D3-4054-A293-E12C03C3B679"}]}]}],"references":[{"url":"http://pastebin.com/UB8Ye6ZU","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/95858","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"http://pastebin.com/UB8Ye6ZU","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/95858","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}}]}