CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
89.7%
The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.
Vendor | Product | Version | CPE |
---|---|---|---|
cyberoam | cyberoam_os | * | cpe:2.3:o:cyberoam:cyberoam_os:*:ga:*:*:*:*:*:* |
cyberoam | cyberoam_os | * | cpe:2.3:o:cyberoam:cyberoam_os:*:rc4:*:*:*:*:*:* |