SQL Injection Vulnerability in Cyberoam OS by Sophos
CVE-2020-29574

9.8CRITICAL

Key Information:

Vendor

Sophos
Status
Cyberoamos
Vendor
CVE Published:
11 December 2020

Badges

👾 Exploit Exists🟣 EPSS 12%🦅 CISA Reported

What is CVE-2020-29574?

An SQL injection vulnerability in the WebAdmin of Cyberoam OS allows unauthenticated attackers to execute arbitrary SQL statements remotely. This flaw can be exploited to gain unauthorized access or manipulate databases, posing significant security risks to affected systems. Proper patching and firewall configurations are essential to mitigate risks associated with this vulnerability.

CISA has reported CVE-2020-29574

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2020-29574 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

References

https://www.cyberoam.com/ngfw.html
x_refsource_MISC
https://www.bleepingcomputer.com/news/security/sophos-fix...
x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.