Hi everyone,
A critical shell injection vulnerability was recently discovered in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) version 10.6.6 MR-5 or earlier and responsibly disclosed to Sophos by an external security researcher.
The vulnerability can be potentially exploited by sending a malicious request to either the Web Admin or SSL VPN consoles, which would enable an unauthenticated remote attacker to execute arbitrary commands.
For more information, please refer to the below information:
This thread was automatically locked due to age.