Design/Logic Flaw

2014-10-0714:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.

CPENameOperatorVersion
cyberoam_osle10.6.1
cyberoam_osle10.4

CPE	Name	Operator	Version
	cyberoam_os	le	10.6.1
	cyberoam_os	le	10.4

References

kb.cyberoam.com/default.asp?id=3049

www.zerodayinitiative.com/advisories/ZDI-14-328/

www.zerodayinitiative.com/advisories/ZDI-14-331/

www.zerodayinitiative.com/advisories/ZDI-14-332/

www.zerodayinitiative.com/advisories/ZDI-14-333/