CVE-2019-17059

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.

Published: 2019-10-11 17:15
Updated: 2019-10-16 12:58

CVSS Score: 10.0 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Sophos | Cyberoamos | 10.6.1 | cpe:/o:sophos:cyberoamos:10.6.1:- |
| Sophos | Cyberoamos | 10.6.1 | cpe:/o:sophos:cyberoamos:10.6.1:maintenance_release1 |
| Sophos | Cyberoamos | 10.6.1 | cpe:/o:sophos:cyberoamos:10.6.1:maintenance_release2 |
| Sophos | Cyberoamos | 10.6.1 | cpe:/o:sophos:cyberoamos:10.6.1:maintenance_release3 |
| Sophos | Cyberoamos | 10.6.2 | cpe:/o:sophos:cyberoamos:10.6.2:- |
| Sophos | Cyberoamos | 10.6.2 | cpe:/o:sophos:cyberoamos:10.6.2:maintenance_release1 |
| Sophos | Cyberoamos | 10.6.3 | cpe:/o:sophos:cyberoamos:10.6.3:- |
| Sophos | Cyberoamos | 10.6.3 | cpe:/o:sophos:cyberoamos:10.6.3:maintenance_release1 |
| Sophos | Cyberoamos | 10.6.3 | cpe:/o:sophos:cyberoamos:10.6.3:maintenance_release2 |
| Sophos | Cyberoamos | 10.6.3 | cpe:/o:sophos:cyberoamos:10.6.3:maintenance_release3 |
| Sophos | Cyberoamos | 10.6.3 | cpe:/o:sophos:cyberoamos:10.6.3:maintenance_release4 |
| Sophos | Cyberoamos | 10.6.3 | cpe:/o:sophos:cyberoamos:10.6.3:maintenance_release5 |
| Sophos | Cyberoamos | 10.6.4 | cpe:/o:sophos:cyberoamos:10.6.4:- |
| Sophos | Cyberoamos | 10.6.4 | cpe:/o:sophos:cyberoamos:10.6.4:maintenance_release1 |
| Sophos | Cyberoamos | 10.6.5 | cpe:/o:sophos:cyberoamos:10.6.5:- |
| Sophos | Cyberoamos | 10.6.5 | cpe:/o:sophos:cyberoamos:10.6.5:maintenance_release1 |
| Sophos | Cyberoamos | 10.6.6 | cpe:/o:sophos:cyberoamos:10.6.6:- |
| Sophos | Cyberoamos | 10.6.6 | cpe:/o:sophos:cyberoamos:10.6.6:maintenance_release1 |
| Sophos | Cyberoamos | 10.6.6 | cpe:/o:sophos:cyberoamos:10.6.6:maintenance_release2 |
| Sophos | Cyberoamos | 10.6.6 | cpe:/o:sophos:cyberoamos:10.6.6:maintenance_release3 |
| Sophos | Cyberoamos | 10.6.6 | cpe:/o:sophos:cyberoamos:10.6.6:maintenance_release4 |
| Sophos | Cyberoamos | 10.6.6 | cpe:/o:sophos:cyberoamos:10.6.6:maintenance_release5 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |

History of changes

| Date | Event |
|---|---|
| 2019-10-16 12:58 | |
| 2019-10-11 17:15 | New CVE |