Advisory: SQL injection vulnerability on Cyberoam Firewall devices

A SQL injection vulnerability has been discovered in Cyberoam appliances running the Cyberoam operating system (CROS) that allows for unauthenticated remote code execution.

A small percentage of appliances have been impacted by a cryptominer that consumed CPU cycles, and our investigations have found no evidence that any data has been compromised or exfiltrated from those appliances.

For customers running CROS version 10.6.1 and above that use the default setting of automatic updates, the hotfix was automatically installed, and there is no action required. Customers who have changed their default settings will need to apply the update manually.

CROS Version

Patch Distributed

Version 10.6.3 and above

December 7, 2017

Version 10.6.1, 10.6.2.x

December 8, 2017

All versions prior to 10.6.1

Upgrade to current CROS version

If you have any further questions please contact Sophos Support.

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable to us to ensure that we continually strive to give our customers the best information possible.

Related:

Leave a Reply