CyberSec.Space Logo
返回 CVE 浏览器

CVE-2014-5502

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile18.59th
Published2014年10月7日
Last Modified2026年5月6日

Vulnerability Description

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.

Affected Platforms (CPE)

💻
Cyberoam

Cyberoam Os

<= 10.4
💻
Cyberoam

Cyberoam Os

<= 10.6.1

References & Advisories

🔗 http://kb.cyberoam.com/default.asp?id=3049
🔗 http://www.zerodayinitiative.com/advisories/ZDI-14-328/
🔗 http://www.zerodayinitiative.com/advisories/ZDI-14-331/
🔗 http://www.zerodayinitiative.com/advisories/ZDI-14-332/
🔗 http://www.zerodayinitiative.com/advisories/ZDI-14-333/
🔗 http://kb.cyberoam.com/default.asp?id=3049
🔗 http://www.zerodayinitiative.com/advisories/ZDI-14-328/
🔗 http://www.zerodayinitiative.com/advisories/ZDI-14-331/

相关漏洞威胁

CVE-2014-550310.0

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows re...

CVE-2020-370959.8

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary ...

CVE-2020-295749.8

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbit...

CVE-2019-170599.8

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attacke...