By Eduard Kovacs on October 14, 2019
A critical vulnerability patched recently by Sophos in its Cyberoam firewall appliances allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges.
The flaw, tracked as CVE-2019-17059, affects the Linux-based CyberoamOS operating system and can be exploited by sending specially crafted requests to the product’s Web Admin or SSL VPN consoles.
The vulnerability was disclosed through TheBestVPN, which recently published a blog post detailing the weakness and how it can be exploited.