CVE 2021-20090

hello,

Alert Message:

Message:
SERVER-WEBAPP Arcadyan Routers CVE-2021-20090 Path Traversal Attempt

I got this Alert today, and the attacker is one of the company's computer,

I read an article about this vulnerability and so far I know that the attacker can bypass authentication on some routers build on Arcadyan firmware.

My concern is what should I do on the company's computer, is it might be at risk? how to mitigate such a vulnerability?

thank you

Added TAGs
[edited by: Raphael Alganes at 6:14 AM (GMT -7) on 13 Sep 2024]

Top Replies

Vivek Jagad 1 day ago in reply to Maroun Moussallem +1 verified

Great, looks like it is stopped Maroun now after the full scan...

0 Vivek Jagad 4 days ago

Hi Maroun Moussallem ,

Thank you for reaching out to the community, the message alert under the ips.log

server-webapp: Offers detection and blocking for vulnerabilities that affect Web-based applications.

Can you please share the screenshot or logs here ? You can ensure for a full endpoint scan on the computer which is at risk.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Maroun Moussallem 1 day ago in reply to Vivek Jagad

hello Vivek Jagad ,

thank you for the follow up,

regards,
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Vivek Jagad 1 day ago in reply to Maroun Moussallem

Attacker 192.168.10.102 must be generating the malicious traffic, have you completed a full scan on that client's machine ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Maroun Moussallem 1 day ago in reply to Vivek Jagad

thanks for the quick reply,

yes, I did.

also, I asked the user what he was doing during at that time, or if he visited any particular website. everything seemed okay.

is there anythg that I have to do?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Vivek Jagad 1 day ago in reply to Maroun Moussallem

There was only one hit it seems, have you noted any more similar events generating from that source ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Maroun Moussallem 1 day ago in reply to Vivek Jagad

no events appeared after that single hit.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Vivek Jagad 1 day ago in reply to Maroun Moussallem

Great, looks like it is stopped Maroun now after the full scan...

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel
0 Maroun Moussallem 1 day ago in reply to Vivek Jagad

thank you vivek
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel