• Advisory: CVE-2019-17059: Cyberoam Firewall Remote Code Execution Vulnerability


    A critical shell injection vulnerability in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) version 10.6.6 MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher.

    The vulnerability can be potentially exploited by sending a malicious request to either the Web Admin or SSL VPN consoles, which would enable an unauthenticated remote attacker to…

  • Exim CVE-2019-15846 and Sophos Products


    CVE-2019-15846 outlines a vulnerability in Exim whereby a specially crafted SNI ending can be utilized to run arbitrary code on the vulnerable server

    This vulnerability is not exploitable on any Sophos products, see the table below for more information.

    Sophos Email Products and CVE-2019-15846
    Product Vulnerable Further information Sophos XG Firewall No The TLS headers that are used to exploit this vulnerability…