SQL Injection Vulnerability in Cyberoam OS by Sophos
CVE-2020-29574
Key Information:
- Vendor
- Sophos
- Status
- Vendor
- CVE Published:
- 11 December 2020
Badges
Summary
An SQL injection vulnerability in the WebAdmin of Cyberoam OS allows unauthenticated attackers to execute arbitrary SQL statements remotely. This flaw can be exploited to gain unauthorized access or manipulate databases, posing significant security risks to affected systems. Proper patching and firewall configurations are essential to mitigate risks associated with this vulnerability.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
References
EPSS Score
10% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability published
Vulnerability Reserved