CVE-2014-5502

CyberoamOS < 10.6.1 - Authenticated OS Command Injection via Multiple Opcode Parameters

Title source: llm

Description

Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allow remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.

References (5)

Core References
Third Party Advisory (x_refsource_misc): http://www.zerodayinitiative.com/advisories/ZDI-14-328/
Third Party Advisory (x_refsource_misc): http://www.zerodayinitiative.com/advisories/ZDI-14-333/
Third Party Advisory (x_refsource_misc): http://www.zerodayinitiative.com/advisories/ZDI-14-331/
Third Party Advisory (x_refsource_misc): http://www.zerodayinitiative.com/advisories/ZDI-14-332/
Vendor Advisory (x_refsource_confirm): http://kb.cyberoam.com/default.asp?id=3049

Scores

EPSS 0.0232
EPSS Percentile 81.3%

Details

CWE: CWE-78
Status: published
Products (2):
cyberoam/cyberoam_os < 10.4
cyberoam/cyberoam_os < 10.6.1
Published: Oct 07, 2014
Tracked Since: Feb 18, 2026