Security Affairs
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Sophos fixed a critical vulnerability in Cyberoam firewalls

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password. “A critical shell injection vulnerability in Sophos […]

Cyberoam firewall

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication.

Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

“A critical shell injection vulnerability in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) version 10.6.6 MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher.” reads the advisory published by Sophos.

“The vulnerability can be potentially exploited by sending a malicious request to either the Web Admin or SSL VPN consoles, which would enable an unauthenticated remote attacker to execute arbitrary commands.”

Cyberoam firewall

The vulnerability is a critical shell injection vulnerability that could allow a remote attacker to gain “root” permissions on vulnerable equipment, it could be exploited by sending malicious commands across the internet.

The vulnerability, tracked as CVE-2019-17059, was discovered by the security expert Rob Mardisalu that reported it to Sophos. The expert also reported the issue to Techcrunch that first reported the news.

“We’ve been working hard with internal and external security researchers to uncover serious remotely exploitable loopholes in SSL VPNs and Firewalls like Cyberoam, Fortigate and Cisco VPNs.” reads the security advisory published by the expert. “This Cyberoam exploit, dubbed CVE-2019-17059 is a critical vulnerability that lets attackers access your Cyberoam device without providing any username or password. On top of that, the access granted is the highest level (root), which essentially gives an attacker unlimited rights on your Cyberoam device.”

Cyberoam firewalls are used in large enterprises, they offer stateful and deep packet inspection for network, application and user identity-based security. Cyberoam Firewall protects organizations from DoS, DDoS and IP Spoofing attacks.

Mardisalu revealed that according to Shodan there are more than 96,000 internet-facing Cyberoam devices worldwide, most of them in enterprises, universities and banks.

The flaw is similar to the recently disclosed vulnerabilities in Palo Alto Networks, Pulse Secure and Fortinet VPN solutions.

“It’s a similar vulnerability to recently disclosed flaws in corporate VPN providers, notably Palo Alto Networks, Pulse Secure and Fortinet, which allowed attackers to gain access to a corporate network without needing a user’s password.” reported TechCrunch “Many large tech companies, including Twitter and Uber, were affected by the vulnerable technology, prompting Homeland Security to issue an advisory to warn of the risks.”

The flaw affects Cyberoam Firewalls running CROS 10.6.6 MR-5 and earlier, Sophos plans to include a fix in the next update of its CyberoamOS operating system.

“There are a small amount of devices that have not as of yet been patched because the customer has turned off auto-update and/or are not internet-facing devices.” said the spokesperson.

The researcher will release the proof-of-concept code in the coming months.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Cyberoam firewalls, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]