CVE-2019-17059
CRITICALSophos Cyberoam < 10.6.6 - OS Command Injection via Web Admin and SSL VPN Consoles
Title source: llmDescription
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://community.sophos.com/products/cyberoamos/
Vendor Advisory x_refsource_confirm
https://community.sophos.com/kb/en-us/134732
Exploit, Third Party Advisory x_refsource_misc
https://thebestvpn.com/cyberoam-preauth-rce/
Scores
CVSS v3
9.8
EPSS
0.0558
EPSS Percentile
90.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
sophos/cyberoamos
10.6.6 (6 CPE variants)
sophos/cyberoamos
< 10.6.6
Published
Oct 11, 2019
Tracked Since
Feb 18, 2026