CVE-2014-5502

Sophos Cyberoam sslvpn_liveuser_delete Command Injection Remote Code Execution Vulnerability

Severity Score

9.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.

Los dispositivos Sophos Cyberoam con CyberoamOS anterior a 10.6.1 GA permite a usuarios remotos autenticados inyectar comandos arbitrarios a través de un código de operación (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, o (4) ccc_flush_sql_file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Cyberoam. Authentication is required to exploit this vulnerability.
The specific flaw exists within the sslvpn_liveuser_delete opcode. The issue lies in the failure to properly sanitize user-supplied input before executing commands. An attacker can leverage this vulnerability to execute code under the context of the current process.

*Credits: agix

CVSS Scores

NISTv2 9.0

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-08-28 CVE Reserved
2014-10-01 CVE Published
2023-11-01 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (5)

URL	Tag	Source
http://www.zerodayinitiative.com/advisories/ZDI-14-328	X_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-331	X_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-332	X_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-333	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://kb.cyberoam.com/default.asp?id=3049	2014-10-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cyberoam Search vendor "Cyberoam"		Cyberoam Os Search vendor "Cyberoam" for product "Cyberoam Os"				<= 10.4 Search vendor "Cyberoam" for product "Cyberoam Os" and version " <= 10.4"		ga		Affected
Cyberoam Search vendor "Cyberoam"		Cyberoam Os Search vendor "Cyberoam" for product "Cyberoam Os"				<= 10.6.1 Search vendor "Cyberoam" for product "Cyberoam Os" and version " <= 10.6.1"		rc4		Affected