Open gwillcox-r7 opened 1 year ago
Hi I would like to work on this issue, but I couldn't get to run the vulnerable software linked here, it'd be helpful if @wvu could provide the vulnerable software link
Pretty sure that's where I got it from.
How did you set it up? I downloaded all the swa proxy files into a directory and used VMware workstation player(website says we can use workstation for testing purposes instead of esx) to open the .ovf file but it raised a duplicate interfaceID error while loading it up. Searching for the error online didnt seem to help much.
Summary
Preauth RCE in Sophos Web Appliance prior to 4.3.10.4 allows attackers to easily gain control over vulnerable devices.
Basic example
POC: https://github.com/W01fh4cker/CVE-2023-1671-POC or https://github.com/ohnonoyesyes/CVE-2023-1671. Writeup: https://vulncheck.com/blog/cve-2023-1671-analysis
Motivation
Preauth RCE in a decently popular product. Caveats are as listed below: