CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
56.8%
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
Vendor | Product | Version | CPE |
---|---|---|---|
cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:-:*:*:*:*:*:* |
cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:beta1:*:*:*:*:*:* |
cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:beta2:*:*:*:*:*:* |
cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:maintenance_release-1:*:*:*:*:*:* |
cyberoam | cyberoamos | 10.6.2 | cpe:2.3:o:cyberoam:cyberoamos:10.6.2:rc1:*:*:*:*:*:* |
cyberoam | cr500ing-xp | - | cpe:2.3:h:cyberoam:cr500ing-xp:-:*:*:*:*:*:*:* |