CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2020-29574

CVSS 9.8v3.1pub. 2020-12-11upd. 2025-11-07

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sophos Cyberoamos

    OS
    Sophos
    ≤ 2020-12-04

CISA KEV — detailsi

Vendori
Sophos
Producti
CyberoamOS
Added to KEVi
February 6, 2025
Remediation deadline (US Federal)i
February 27, 2025(overdue)
Required action (CISA)i

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

CISA descriptioni

CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 27 lutego 2025
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2019-17059CRITICAL9.8ten sam produkt

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 a...

CVE-2023-1671CRITICAL9.8⚠ KEVten sam vendor

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than vers...

CVE-2022-3236CRITICAL9.8⚠ KEVten sam vendor

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sop...

CVE-2022-1040CRITICAL9.8⚠ KEVten sam vendor

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute cod...

CVE-2020-25223CRITICAL9.8⚠ KEVten sam vendor

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, a...