New Report: Severe Flaws in Cyberoam’s Firewall and VPN Technology Left At Least 86,000 Networks Vulnerable to Exploit

    Date 17 May 2020
    Posted By Brittany Day

    A new report published by vpnMentor examines two critical vulnerabilities in the firewall and VPN appliances of cybersecurity vendor Cyberoam (now owned by Sophos). Either flaw on its own, and the two in combination, could be exploited by malicious actors to reach a device's email quarantine release function without authentication and from there execute arbitrary commands on the device remotely.

    The two flaws were found by different security researchers working independently, and both have since been patched by Sophos.

    The first bug, in the FirewallOS of the Cyberoam SSL VPN, allowed unauthenticated root remote command execution (pre-auth RCE) and was reported in late 2019. It gave access to any Cyberoam device through its email quarantine release system, without requiring the username and password of the account the quarantined mail belonged to. vpnMentor explains the implications: “We found many banks and big corporations were using Cyberoam products as a gateway to their network from the outside, so this opened direct access to their intranet (local networks, often with more sensitive data). Exploiting the vulnerability also allowed relatively easy escalation to ‘root’ access on the device, which would grant a malicious hacker total control of the target device - and potentially the entire network into which that device was integrated.”

    Sophos attempted to close the hole with a regex-based filter on the affected input; however, the vendor's work was far from over. A second critical remote code execution (RCE) vulnerability, discovered in January 2020, allowed an attacker to bypass that regex filter and mount a more versatile attack on the quarantine email functionality of Cyberoam devices, again with no username or password. The bypass was simple: the command from the first RCE was Base64-encoded, so that none of its characters matched the filter, and wrapped in a bash command that decoded and executed it on the device. Both flaws, which left at least 86,000 networks exposed to data theft and account takeover, were patched with no indication that criminal hackers had found or exploited them first.
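    The bypass described above is an instance of a general failure mode: a regex denylist written against the payload that was observed blocks that payload and nothing else, so an attacker who encodes the payload and changes the shell construct around it walks straight through. The following Python example is added here to illustrate that pattern; it is not code from the vpnMentor report, from Sophos, or from any Cyberoam firmware. The denylist regex, the `msg123` identifier format, the sample payload and the `/usr/local/bin/quarantine-release` tool path are all constructed for the illustration. It puts the weak denylist check beside the hardened form a practitioner would want: a strict allowlist on the only value the handler should ever accept, and an argv-based invocation that never touches a shell.

```python
import base64
import re

# Constructed sample: a quarantine-release request parameter that should only
# ever carry an opaque message identifier. The identifier format is hypothetical.
ORIGINAL_PAYLOAD = "msg123; /bin/sh -c 'id > /tmp/pwned'"

# Hypothetical denylist standing in for the kind of regex-based patch the
# article describes. It is written against the tokens seen in ORIGINAL_PAYLOAD,
# which is exactly how such a patch ends up incomplete. Not the vendor's filter.
DENYLIST = re.compile(r"(;|&&|/bin/sh|/bin/bash|\bwget\b|\bnc\b)")

# Allowlist for the hardened version: only a plain identifier is acceptable.
ALLOWLIST = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def denylist_passes(value: str) -> bool:
    """True if the hypothetical regex denylist would let the value through."""
    return DENYLIST.search(value) is None


def base64_bash_wrap(command: str, message_id: str = "msg123") -> str:
    """Generic evasion shape the report describes: the command is Base64-encoded
    so none of its bytes can match the denylist, then wrapped in a bash pipeline
    that decodes and executes it. The wrapper tokens (echo, base64, |, bash) are
    not in DENYLIST either, because the patch only knew about the first payload."""
    encoded = base64.b64encode(command.encode()).decode()
    return f"{message_id} | echo {encoded} | base64 -d | bash"


def allowlist_passes(value: str) -> bool:
    """Hardened check: reject anything that is not a bare identifier."""
    return ALLOWLIST.fullmatch(value) is not None


def build_release_argv(message_id: str) -> list[str]:
    """Hardened handler: validate first, then pass the value to the release tool
    as its own argv element with no shell in between. The tool path is hypothetical."""
    if not allowlist_passes(message_id):
        raise ValueError("rejected quarantine release id: %r" % message_id)
    return ["/usr/local/bin/quarantine-release", "--id", message_id]


if __name__ == "__main__":
    bypass = base64_bash_wrap("id > /tmp/pwned")
    print("original payload passes denylist :", denylist_passes(ORIGINAL_PAYLOAD))
    print("base64-wrapped payload           :", bypass)
    print("wrapped payload passes denylist  :", denylist_passes(bypass))
    print("wrapped payload passes allowlist :", allowlist_passes(bypass))
    print("clean id argv                    :", build_release_argv("msg123"))
```

    The denylist rejects the original payload on the `;` and `/bin/sh` tokens but accepts the Base64-wrapped pipeline, because no byte of the encoded command and none of the wrapper tokens appear in the regex. The allowlist rejects both, since neither is a bare identifier, and `build_release_argv` never gives a shell the chance to interpret the value at all. That combination, validate against what the field is supposed to be and avoid shell interpolation entirely, is the fix a regex denylist cannot substitute for.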

    Read more about these vulnerabilities in the vpnMentor report: Critical Flaws in Cybersecurity Devices Exposed Entire Networks to Attack and Takeover.
