CVE-2020-29574 CyberoamOS (CROS) SQL Injection


CVE-2020-29574 is a critical SQL injection vulnerability in the WebAdmin interface of CyberoamOS, affecting all versions released on or before December 4, 2020. The flaw allows an unauthenticated remote attacker to execute arbitrary SQL statements, potentially compromising the security of affected systems.

What is Vulnerable to CVE-2020-29574

All devices running CyberoamOS versions released on or before December 4, 2020, are susceptible to this vulnerability. The WebAdmin component, which facilitates administrative management of Cyberoam devices, is the specific vector through which the SQL injection can be exploited.

Mitigation and Remediation for CVE-2020-29574

To address this vulnerability, the following steps are recommended:

  • Apply the Hotfix: Sophos released a hotfix that was distributed to all supported CyberoamOS devices from December 4, 2020. The hotfix was also extended to unsupported end-of-life versions 10.6.2 and later.

  • Upgrade the Firmware: Sophos advises users to upgrade to XG Firewall version 17.5 or the latest available CyberoamOS release to ensure comprehensive protection against this and other vulnerabilities.

  • Restrict Administrative Access: Ensure that WebAdmin and SSH access are not exposed to the WAN. This can be configured by navigating to System > Administration > Appliance Access and adjusting the settings accordingly.

Impact of Successful Exploitation of CVE-2020-29574

Exploiting this vulnerability allows attackers to execute arbitrary SQL commands on the affected device without authentication. This can lead to unauthorized access to sensitive information, modification or deletion of data, and potential full compromise of the device’s integrity and availability. Notably, there have been instances where attackers utilized this vulnerability to create unauthorized administrative accounts, further escalating the security risk.

Proof of Concept for CVE-2020-29574

As of now, there is no publicly available proof-of-concept exploit for CVE-2020-29574. However, the vulnerability has been actively exploited in the wild, underscoring the importance of immediate remediation.

For detailed technical information and updates, refer to the official Sophos security advisory.
