Vulnerability Description
Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allow remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cyberoam | Cyberoam Os | <= 10.4 |
References
- http://kb.cyberoam.com/default.asp?id=3049 (Vendor Advisory)
- http://www.zerodayinitiative.com/advisories/ZDI-14-328/
- http://www.zerodayinitiative.com/advisories/ZDI-14-331/
- http://www.zerodayinitiative.com/advisories/ZDI-14-332/
- http://www.zerodayinitiative.com/advisories/ZDI-14-333/
FAQ
What is CVE-2014-5502?
CVE-2014-5502 is a vulnerability with a CVSS score of 9.0 (HIGH). Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allow remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveus...
How severe is CVE-2014-5502?
CVE-2014-5502 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-5502?
Check the references section above for vendor advisories and patch information. Affected products include: Cyberoam Cyberoam Os.