CVE-2020-29574 — CyberoamOS (CROS) SQL Injection Vulnerability
2025-02-06 • CISA Known Exploited Vulnerability
CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Sophos |
| Product | CyberoamOS |
| CWE | CWE-89 |
| CVE ID | CVE-2020-29574 |
| Date Added | 2025-02-06 |
| Due Date | 2025-02-27 |
| Ransomware Campaign | Unknown |
> MITIGATION
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.