CVE-2020-29574
Published 2020-12-11
Priority: P1 · 88 · Critical 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), remediation due 2025-02-27 · Exploited in the wild (ITW)
EPSS: 4.73% (90.7th percentile)
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sophos | cyberoamos | <= 2020-12-04 | — |
Detection & IOCs (extracted from sources)
- The vulnerability is an unauthenticated SQL injection in the WebAdmin interface of CyberoamOS (CROS); monitor for anomalous or malformed SQL-bearing HTTP requests targeting the WebAdmin component.
- No authentication is required to exploit this vulnerability; any unauthenticated inbound request to the CyberoamOS WebAdmin interface carrying SQL metacharacters or injection payloads should be treated as suspicious.
- The affected product (CyberoamOS / CROS) is end-of-life and end-of-service; no patch will be issued. Detection efforts should focus on identifying continued use of the product in the environment and blocking all external access to its WebAdmin interface.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |
GHSA
GHSA-v2fr-wv49-j53x (ghsa, unreviewed, 2022-05-24) · CVE-2020-29574 · CRITICAL · CWE-89
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
VulnCheck
CyberoamOS (CROS) SQL Injection Vulnerability (vulncheck, 2020, CVSS 9.8) · CVE-2020-29574 · CRITICAL · CWE-89
CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.
Affected: Sophos CyberoamOS
Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Exploitation References:
- https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/
- https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/
- https://eclypsium.com/blog/salt-typhoon/
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://cyble.com/resources/research-reports/global-cybersecurity-report/
- https://www.loginsoft.com/reports/annually/v
CISA
CyberoamOS (CROS) SQL Injection Vulnerability (cisa, 2025-02-06, CVSS 9.8) · CVE-2020-29574 · CRITICAL · CWE-89
Vulnerability: CyberoamOS (CROS) SQL Injection Vulnerability
Affected: Sophos CyberoamOS
CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.
Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes:
- https://support.sophos.com/support/s/article/KBA-000007526
- https://nvd.nist.gov/vuln/detail/CVE-2020-29574
Remediation Due Date: 2025-02-27
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os/
- https://www.cyberoam.com/ngfw.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-29574
Timeline
- 2020-12-11: Published
- 2025-02-06: Added to CISA KEV
- Exploited in the wild