CyberSec.Space Logo
Back to CVE Browser

CVE-2020-29574

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score92.9320%
EPSS Percentile87.70th
PublishedDec 11, 2020
Last ModifiedNov 7, 2025

Vulnerability Description

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

Affected Platforms (CPE)

πŸ’»
Sophos

Cyberoamos

<= 2020-12-04

References & Advisories

πŸ”— https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os/
πŸ”— https://www.cyberoam.com/ngfw.html
πŸ”— https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os/
πŸ”— https://www.cyberoam.com/ngfw.html
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-29574

Related Vulnerabilities

CVE-2014-550310.0

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows re...

CVE-2019-170599.8

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attacke...

CVE-2014-55019.3

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remo...

CVE-2014-55029.0

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via...