CVE-2014-5502
critical
CVSS v3
—
VIR risk
9.0
Description
Sophos Cyberoam appliances running CyberoamOS before 10.6.1 GA allow remote authenticated users to inject arbitrary OS commands via the (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.
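The description names the classic CWE-78 shape: a request parameter selected by an opcode ends up inside a shell command line. The CyberoamOS code itself is not public, so the block below is an added illustration of that pattern, not the appliance's code or the ZDI researchers' exploit. It shows a handler that splices the `checkcert_key` parameter into a shell string, a helper that tokenises the resulting line the way a POSIX shell would so the injected control operators become visible, and a hardened handler that allowlists the parameter and hands an argv list to `subprocess.run(..., shell=False)`. The openssl command, the `/conf/certs/` path, the opcode table and all function names are assumptions made for the example.

```python
import re
import shlex
import subprocess
from typing import Callable, Dict, List

# Hypothetical opcode handler illustrating the CWE-78 pattern behind CVE-2014-5502.
# The real CyberoamOS command, path and parameter handling are not public; everything
# here is an assumption made for illustration.

# Shell characters that hand control to the shell rather than to the intended program.
SHELL_CONTROL = set("();<>|&$`")


def build_checkcert_cmd_vulnerable(key_name: str) -> str:
    """Vulnerable form: the request parameter is spliced into a string that would be
    passed to `sh -c`.  Whoever controls key_name controls the rest of the line."""
    return f"/usr/bin/openssl rsa -noout -check -in /conf/certs/{key_name}"


def shell_metachar_tokens(cmdline: str) -> List[str]:
    """Tokenise cmdline like a POSIX shell and return the tokens that are shell
    control operators or expansions (';', '&&', '|', '$', '(', ...).

    shlex with punctuation_chars=True emits control operators as their own tokens,
    so a clean command line yields an empty list."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return [tok for tok in lex if set(tok) & SHELL_CONTROL]


# Allowlist for a certificate/key file name: leading alphanumeric, then a short run
# of safe characters.  Everything else (spaces, quotes, ';', '$', '/') is rejected.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def build_checkcert_argv_hardened(key_name: str) -> List[str]:
    """Hardened form: validate against a strict allowlist, then build an argv list.
    With shell=False no shell ever parses the value, so metacharacters are inert
    even if validation were to miss one."""
    if not SAFE_NAME.fullmatch(key_name) or ".." in key_name:
        raise ValueError(f"rejected key name: {key_name!r}")
    return ["/usr/bin/openssl", "rsa", "-noout", "-check",
            "-in", f"/conf/certs/{key_name}"]


# Explicit opcode table: unknown opcodes are refused instead of being routed to a
# generic shell-string builder.
OPCODE_HANDLERS: Dict[str, Callable[[str], List[str]]] = {
    "checkcert_key": build_checkcert_argv_hardened,
}


def dispatch(opcode: str, param: str) -> List[str]:
    """Resolve an opcode to its handler and return the argv it would execute."""
    handler = OPCODE_HANDLERS.get(opcode)
    if handler is None:
        raise ValueError(f"unknown opcode: {opcode!r}")
    return handler(param)


def run_opcode(opcode: str, param: str) -> subprocess.CompletedProcess:
    """Execute the opcode's argv without a shell (side effects: actually runs openssl)."""
    return subprocess.run(dispatch(opcode, param), shell=False,
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    benign = "server.key"
    payload = "server.key; id #"          # constructed sample input
    print(shell_metachar_tokens(build_checkcert_cmd_vulnerable(benign)))   # []
    print(shell_metachar_tokens(build_checkcert_cmd_vulnerable(payload)))  # [';']
    print(dispatch("checkcert_key", benign))
    try:
        dispatch("checkcert_key", payload)
    except ValueError as exc:
        print("hardened handler:", exc)
```

The authentication requirement in the description is not a mitigating control here: appliance management interfaces typically run their opcode handlers with high privilege, so any authenticated operator (or anyone holding a stolen session) who can reach one of the four opcodes can run commands at that privilege level. The argv-plus-allowlist form removes the shell from the path entirely, which is the fix CWE-78 calls for regardless of who the caller is.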
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigation text has been ingested for this CVE. The description indicates the issue is fixed in CyberoamOS 10.6.1 GA; see the Cyberoam knowledge base entry and the ZDI advisories in the references below.
References
- http://kb.cyberoam.com/default.asp?id=3049
- http://www.zerodayinitiative.com/advisories/ZDI-14-328/
- http://www.zerodayinitiative.com/advisories/ZDI-14-331/
- http://www.zerodayinitiative.com/advisories/ZDI-14-332/
- http://www.zerodayinitiative.com/advisories/ZDI-14-333/
CWEs
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')