Lucene search
HistorySep 04, 2015 - 3:59 p.m.
CVE-2015-6811
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.4
Confidence
Low
EPSS
0.002
Percentile
56.8%
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
Affected configurations
Node
cyberoamcyberoamosMatch10.6.2-
ORcyberoamcyberoamosMatch10.6.2beta1
ORcyberoamcyberoamosMatch10.6.2beta2
ORcyberoamcyberoamosMatch10.6.2maintenance_release-1
ORcyberoamcyberoamosMatch10.6.2rc1
cyberoamcr500ing-xpMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:-:*:*:*:*:*:* |
| cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:beta1:*:*:*:*:*:* |
| cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:beta2:*:*:*:*:*:* |
| cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:maintenance_release-1:*:*:*:*:*:* |
| cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:rc1:*:*:*:*:*:* |
| cyberoam | cr500ing-xp | - | cpe:2.3:h:cyberoam:cr500ing-xp:-:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2015-6811
2015-09-04 15:59:09
prion
prion
Sql injection
2015-09-04 15:59:00
exploitdb
exploitdb
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection
2015-08-31 00:00:00
cvelist
cvelist
CVE-2015-6811
2015-09-04 15:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.4
Confidence
Low
EPSS
0.002
Percentile
56.8%
Related for NVD:CVE-2015-6811