CRITICAL🇬🇧 English

CVE-2019-17059

CVSS 9.8v3.1pub. 2019-10-11upd. 2024-11-21

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sophos Cyberoam

    HW
    Sophos
    wszystkie wersje
  • Sophos Cyberoamos

    OS
    Sophos
    10.6.6< 10.6.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
FirewallVPNCommand Injection
CWE
Referencje

Powiązane podatności

CVE-2020-29574CRITICAL9.8⚠ KEVten sam produkt

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attack...

CVE-2016-9834MEDIUM6.1ten sam produkt

An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installatio...

CVE-2023-1671CRITICAL9.8⚠ KEVten sam vendor

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than vers...

CVE-2022-3236CRITICAL9.8⚠ KEVten sam vendor

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sop...

CVE-2022-1040CRITICAL9.8⚠ KEVten sam vendor

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute cod...