Lucene search
MitreCVE-2014-5502HistoryOct 07, 2014 - 2:55 p.m.
CVE-2014-5502
2014-10-0714:55:06
CWE-78
mitre
web.nvd.nist.gov
15
cve-2014-5502
sophos
cyberoam
cyberoamos
remote authenticated users
arbitrary commands
security vulnerability
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score
6.7
Confidence
Low
EPSS
0.023
Percentile
89.7%
The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.
Affected configurations
Node
cyberoamcyberoam_osRange≤10.4ga
ORcyberoamcyberoam_osRange≤10.6.1rc4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cyberoam | cyberoam_os | * | cpe:2.3:o:cyberoam:cyberoam_os:*:ga:*:*:*:*:*:* |
| cyberoam | cyberoam_os | * | cpe:2.3:o:cyberoam:cyberoam_os:*:rc4:*:*:*:*:*:* |
Related
zdi
zdi
prion
prion
Design/Logic Flaw
2014-10-07 14:55:00
nvd
nvd
CVE-2014-5502
2014-10-07 14:55:06
cvelist
cvelist
CVE-2014-5502
2014-10-07 14:00:00
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score
6.7
Confidence
Low
EPSS
0.023
Percentile
89.7%
Related for CVE-2014-5502