CVE-2020-29574
CyberoamOS (CROS) SQL Injection Vulnerability
CVSS
—
No CVSS
EPSS
4.7%
p91
KEV
YES
Feb 6, 2025
Exploit Today
77
0-100
Published: — · Last modified: —
Product
Sophos / CyberoamOS
Vulnerability
CyberoamOS (CROS) SQL Injection Vulnerability
Added to KEV
Feb 6, 2025
Remediate by
Feb 27, 2025
Known ransomware use
No
Summary description
CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.
Required action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes
https://support.sophos.com/support/s/article/KBA-000007526 ; https://nvd.nist.gov/vuln/detail/CVE-2020-29574
No related CVEs by CWE or product.