CVE-2014-5501

critical

Published 2014-10-07 · Modified 2026-05-06

CVSS v3

—

CVSS v2

9.3

VIR risk

9.3

Description

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://kb.cyberoam.com/default.asp?id=3049

References

http://kb.cyberoam.com/default.asp?id=3049
http://www.zerodayinitiative.com/advisories/ZDI-14-334/
http://kb.cyberoam.com/default.asp?id=3049
http://www.zerodayinitiative.com/advisories/ZDI-14-334/

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.