
Advisory: Resolved: Cyberoam SQL injection vulnerability

What happened?

A pre-authentication SQL injection vulnerability was recently discovered and fixed on Cyberoam operating system (CROS) devices. This type of vulnerability could allow SQL statements to be executed remotely, but only if the administration interface (HTTPS admin service) was exposed on the WAN zone. No other Sophos products were affected. 

How did Sophos respond?

Sophos patched the vulnerability by deploying a hotfix to all supported CROS versions beginning on December 4, 2020. 

Hotfix Information

CROS Version                                   Hotfix Issued
Version 10.6.4 and above                       December 4, 2020
Version 10.6.3 MR4 & MR5, 10.6.2 MR1           December 5, 2020 *
All versions prior to and including 10.6.1     N/A *

* Unsupported version: please upgrade to the latest CROS version or to our next-gen XG Firewall for advanced security, performance, and protection.

How can I ensure that I receive the hotfix? 

For all CROS devices that are using the default setting of "Allow Over-the-air Hotfix" automatic updates, the hotfix was automatically installed and there is no action required.

Customers who have changed this default setting need to re-enable this option to receive the hotfix (System -> Maintenance -> Updates -> "Allow Over-the-air Hotfix").

How can I check the hotfix version on my device? 

From the Cyberoam Console, execute the following command to show all version information: 

  • Console> cyberoam diagnostics show version-info

Using the following table, verify that the hotfix version number reported by your device is equal to or greater than the number listed for its CROS version and hardware model.

CROS Version   Hardware Model   Hotfix Version
10.6.6 MR6     All
10.6.6 MR5     All              12
10.6.6 MR4     All              13
10.6.6 MR3     All              16
10.6.6 MR2     All              16
10.6.6 MR1     All              16
10.6.6 GA      CR10/15          19
10.6.6 GA      All other        20
10.6.5 MR1     CR10/15          17
10.6.5 MR1     All other        18
10.6.5 GA      All              18
10.6.4 MR1     CR10/15          20
10.6.4 MR1     All other        21
10.6.4 GA      CR10/15          19
10.6.4 GA      All other        20
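For administrators checking more than one appliance, the following is an added example (not Sophos or Cyberoam code) that encodes the table above and classifies a device as patched, needing the hotfix, unsupported, or unknown. It assumes the advisory's "CR10/15" column covers appliance models whose names start with CR10 or CR15, and that the version string, model name and hotfix number have already been read from the device (the exact output format of "cyberoam diagnostics show version-info" is not reproduced here).

```python
# Added example, not Sophos/Cyberoam code: compare a CROS device's reported
# hotfix level against the minimum hotfix numbers in the advisory table.
import re

# Minimum hotfix version per CROS release, copied from the advisory table.
# A value is an int (all models) or a dict keyed by hardware class.
# 10.6.6 MR6 has no hotfix number listed in the advisory, so it is None.
MIN_HOTFIX = {
    "10.6.6 MR6": None,
    "10.6.6 MR5": 12,
    "10.6.6 MR4": 13,
    "10.6.6 MR3": 16,
    "10.6.6 MR2": 16,
    "10.6.6 MR1": 16,
    "10.6.6 GA": {"CR10/15": 19, "other": 20},
    "10.6.5 MR1": {"CR10/15": 17, "other": 18},
    "10.6.5 GA": 18,
    "10.6.4 MR1": {"CR10/15": 20, "other": 21},
    "10.6.4 GA": {"CR10/15": 19, "other": 20},
}

def model_class(model: str) -> str:
    # Assumption: "CR10/15" means model names beginning with CR10 or CR15
    # (e.g. CR15iNG); any other model falls under "All other".
    return "CR10/15" if re.match(r"^CR1[05](?!\d)", model.strip(), re.I) else "other"

def normalize(version: str) -> str:
    # "10.6.6" -> "10.6.6 GA"; "10.6.6 mr5" -> "10.6.6 MR5"
    parts = version.strip().upper().split()
    return parts[0] + " " + (parts[1] if len(parts) > 1 else "GA")

def hotfix_status(version: str, model: str, hotfix: int) -> str:
    """Return 'patched', 'needs-hotfix', 'unsupported' or 'unknown'."""
    key = normalize(version)
    base = tuple(int(x) for x in key.split()[0].split("."))
    if base < (10, 6, 4):
        return "unsupported"          # no hotfix for releases before 10.6.4
    required = MIN_HOTFIX.get(key)
    if isinstance(required, dict):
        required = required[model_class(model)]
    if required is None:
        return "unknown"              # release not (fully) listed in the table
    return "patched" if hotfix >= required else "needs-hotfix"

if __name__ == "__main__":
    # Constructed sample inventory: (version, model, reported hotfix number)
    inventory = [("10.6.6 MR5", "CR25iNG", 12), ("10.6.6 GA", "CR15iNG", 19),
                 ("10.6.6 GA", "CR25iNG", 19), ("10.6.3 MR4", "CR35iNG", 7)]
    for ver, model, hf in inventory:
        print(f"{ver:<11} {model:<8} hotfix {hf:>2}: {hotfix_status(ver, model, hf)}")
```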

Is there any additional action that customers should take? 

We strongly recommend the following network security best practices: 

  • Customers should always ensure they are running supported hardware and software versions.
  • Ensure the web admin (HTTP/HTTPS) and SSH are not exposed to the WAN zone (System > Administration > Appliance Access). Use VPN instead for added security when managing Cyberoam devices remotely.
  • Conduct regular firewall security audits to reduce risk: review all firewall rules, NAT port-forwarding, and access control lists (ACLs).
  • Audit user accounts, remove unnecessary accounts, change admin passwords regularly, and use strong passwords managed via a password manager to reduce the risk of unauthorized access. 

As a reminder, the Cyberoam platform is nearing End of Life (EOL). Upgrading to XG Firewall offers advanced security, performance, protection, and features. XG Firewall v17.5 is fully compatible with Cyberoam devices and this 10-step migration guide provides an easy process for moving your Cyberoam configuration to XG Firewall firmware. 
