Cyberoamos
by Cyberoam
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3372 | Hig | 0.48 | 7.4 | 0.01 | Jul 9, 2012 | The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the… | ||
| CVE-2020-29574 | 0.13 | — | 0.05 | KEV | Dec 11, 2020 | An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | ||
| CVE-2021-38702 | 0.03 | — | 0.07 | Aug 17, 2021 | Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks. | |||
| CVE-2015-6811 | 0.03 | — | 0.02 | Sep 4, 2015 | SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. | |||
| CVE-2014-5503 | 0.00 | — | 0.02 | Oct 7, 2014 | SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. | |||
| CVE-2014-5502 | 0.00 | — | 0.02 | Oct 7, 2014 | The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. | |||
| CVE-2014-5501 | 0.00 | — | 0.04 | Oct 7, 2014 | Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. |
- risk 0.48cvss 7.4epss 0.01
The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the…
- risk 0.13cvss —epss 0.05
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
- CVE-2021-38702Aug 17, 2021risk 0.03cvss —epss 0.07
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.
- CVE-2015-6811Sep 4, 2015risk 0.03cvss —epss 0.02
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
- CVE-2014-5503Oct 7, 2014risk 0.00cvss —epss 0.02
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.
- CVE-2014-5502Oct 7, 2014risk 0.00cvss —epss 0.02
The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.
- CVE-2014-5501Oct 7, 2014risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.