CyberSec.Space Logo
Back to CVE Browser

CVE-2014-5502

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile18.59th
PublishedOct 7, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.

Affected Platforms (CPE)

πŸ’»
Cyberoam

Cyberoam Os

<= 10.4
πŸ’»
Cyberoam

Cyberoam Os

<= 10.6.1

References & Advisories

πŸ”— http://kb.cyberoam.com/default.asp?id=3049
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-328/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-331/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-332/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-333/
πŸ”— http://kb.cyberoam.com/default.asp?id=3049
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-328/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-331/

Related Vulnerabilities

CVE-2014-550310.0

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows re...

CVE-2020-370959.8

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary ...

CVE-2020-295749.8

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbit...

CVE-2019-170599.8

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attacke...