vendor:
Cyberoam UTM
by:
Chintan Gurjar (Frogy)
8.8
CVSS
HIGH
Privilege Escalation
264
CWE
Product Name: Cyberoam UTM
Affected Version From: 10.6.3 MR-5
Affected Version To: 10.6.3 MR-5
Patch Exists: YES
Related CWE: CVE-2016-7786
CPE: 2.3:a:sophos:cyberoam_utm_cr25ing:10.6.3:mr-5
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: None
2016
Sophos Cyberoam UTM – Privilege Escalation
A vulnerability, which was classified as critical, has been found in Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5. This issue affects an unknown function of the file Licenseinformation.jsp of the component Access Restriction. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted are confidentiality, integrity, and availability.
Mitigation:
Upgrading to version 10.6.5 eliminates this vulnerability.