CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-17059

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile33.13th
Published2019年10月11日
Last Modified2024年11月21日

Vulnerability Description

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.

Affected Platforms (CPE)

💻
Sophos

Cyberoamos

< 10.6.6
💻
Sophos

Cyberoamos

= 10.6.6
💻
Sophos

Cyberoamos

= 10.6.6
💻
Sophos

Cyberoamos

= 10.6.6
💻
Sophos

Cyberoamos

= 10.6.6
💻
Sophos

Cyberoamos

= 10.6.6
💻
Sophos

Cyberoamos

= 10.6.6

References & Advisories

🔗 https://community.sophos.com/kb/en-us/134732
🔗 https://community.sophos.com/products/cyberoamos/
🔗 https://thebestvpn.com/cyberoam-preauth-rce/
🔗 https://community.sophos.com/kb/en-us/134732
🔗 https://community.sophos.com/products/cyberoamos/
🔗 https://thebestvpn.com/cyberoam-preauth-rce/

関連する脆弱性情報

CVE-2014-550310.0

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows re...

CVE-2014-55019.3

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remo...

CVE-2014-55029.0

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via...

CVE-2015-68117.5

SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows r...