Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability.
Sophos purchased firewall and router maker Cyberoam Technologies in 2014 and has been offering free upgrades to their XG Firewall OS since 2019.
Today, Sophos disclosed that a SQL injection vulnerability was fixed in the Cyberoam (CROS) operating system that could remotely add accounts to a CROS device.
“A pre-authentication SQL injection vulnerability was recently discovered and fixed on Cyberoam operating system (CROS) devices. This type of vulnerability could allow SQL statements to be executed remotely, but only if the administration interface (HTTPS admin service) was exposed on the WAN zone,” the Sophos advisory explains.
Sophos has told BleepingComputer that they are currently investigating whether threat actors have exploited this vulnerability.
“A small subset of Cyberoam devices were affected by a pre-authentication SQL injection vulnerability and we quickly deployed a hotfix to these devices. No further action is required. More information is available at the Community Page and KBA.”
“We’ve been phasing out Cyberoam devices since early 2019, and recommend users update to XG Firewall. An easy upgrade path is available that allows Cyberoam users to upgrade their software free of charge,” Sophos told BleepingComputer in a statement.
This vulnerability does not impact Sophos XG Firewall and SG UTM devices.
Sophos has already deployed a hotfix for this vulnerability on all supported versions of CROS, and affected devices should be updated immediately to the latest version. CROS devices utilizing “Allow Over-the-air Hotfix” will automatically have the hotfix delivered to their devices.
To check if the hotfix is installed, customers can enter the following command from the CROS console:
cyberoam diagnostics show version-infoAdmins should compare the outputted version information with the following table to determine if the hotfix has been added. If the Hotfix Version number is the same or greater than what is displayed in the console, it means the hotfix has been installed.
|
CROS Version |
Hardware Model |
Hotfix Version |
|
10.6.6 MR6 |
All |
3 |
|
10.6.6 MR5 |
All |
12 |
|
10.6.6 MR4 |
All |
13 |
|
10.6.6 MR3 |
All |
16 |
|
10.6.6 MR2 |
All |
16 |
|
10.6.6 MR1 |
All |
16 |
|
10.6.6 GA |
CR10/15 All other |
19 20 |
|
10.6.5 MR1 |
CR10/15 All other |
17 18 |
|
10.6.5 GA |
All |
18 |
|
10.6.4 MR1 |
CR10/15 All other |
20 21 |
|
10.6.4 GA |
CR10/15 All other |
19 20 |
Sophos also advises administrators to disable WAN access to the web admin and SSH interfaces and check the devices for suspicious users.
Cyberoam owners can learn how to migrate to the XG Firewall software using this migration guide.
To read the original article: