返回 CVE 瀏覽器

CVE-2020-29574

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score92.9320%

EPSS Percentile87.70th

Published2020年12月11日

Last Modified2025年11月7日

Vulnerability Description

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

Affected Platforms (CPE)

💻

Sophos

Cyberoamos

<= 2020-12-04

References & Advisories

🔗 https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os/

🔗 https://www.cyberoam.com/ngfw.html

🔗 https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os/

🔗 https://www.cyberoam.com/ngfw.html

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-29574

相關漏洞威脅

CVE-2014-550310.0

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows re...

CVE-2019-170599.8

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attacke...

CVE-2014-55019.3

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remo...

CVE-2014-55029.0

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via...