CVE-2020-29574
Published: 11 December 2020
Summary
CVE-2020-29574 is a critical-severity SQL Injection (CWE-89) vulnerability in Sophos Cyberoam OS. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 6.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2020-29574 is an SQL injection vulnerability, tracked under CWE-89, that affects the WebAdmin interface of Cyberoam OS versions through 2020-12-04. The flaw carries a CVSS 3.1 base score of 9.8, reflecting network-accessible, unauthenticated exploitation with no user interaction required and full impact on confidentiality, integrity, and availability.
Unauthenticated remote attackers can supply crafted input to the WebAdmin component to execute arbitrary SQL statements against the underlying database. Successful exploitation grants the ability to read, modify, or delete data and potentially escalate control over the affected Cyberoam OS instance.
Public references indicate that Sophos, which acquired Cyberoam, released fixes addressing the SQL injection issue in Cyberoam OS. The vulnerability is also catalogued in CISA's Known Exploited Vulnerabilities list, confirming observed in-the-wild exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-21936
Vulnerability details
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
- CWE(s): CWE-89
- KEV Date Added: 06 February 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): enforces validation of all inputs to the WebAdmin interface, directly blocking the crafted SQL payloads that allow unauthenticated remote execution of arbitrary SQL statements.
IA-2 (Identification and Authentication (Organizational Users)): requires identification and authentication for all WebAdmin access, eliminating the unauthenticated attack vector described in the CVE.
Continuous monitoring of WebAdmin traffic and database queries identifies anomalous SQL statements indicative of exploitation attempts.
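The monitoring control above can be approximated with a log-level detector. The following is an added example, not code from the advisory or from Sophos: it parses constructed common-log-format lines, restricts itself to requests under an assumed `/webadmin` path prefix, and flags URL-decoded parameter values that contain generic SQL-injection indicators (tautologies, comment sequences, UNION SELECT, stacked queries). The signatures are generic and not derived from any CVE-2020-29574 exploit.

```python
"""Flag suspected SQL-injection attempts against a WebAdmin interface in access logs."""
import re
from urllib.parse import urlsplit, parse_qsl

# Generic indicators of SQL syntax inside a request parameter value (assumption:
# not tied to the real Cyberoam input shape; tune per interface to limit false positives).
SQL_INDICATORS = {
    "quote_or_tautology": re.compile(r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+", re.I),
    "comment_sequence": re.compile(r"(--|#|/\*)"),
    "union_select": re.compile(r"\bunion\b.{0,20}\bselect\b", re.I),
    "stacked_query": re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I),
}

# Common log format: ip - - [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def scan_line(line, admin_prefix="/webadmin"):
    """Return (ip, param, indicator) tuples for suspicious parameters in one log line."""
    m = LOG_RE.match(line)
    if not m or not m.group("target").lower().startswith(admin_prefix):
        return []
    query = urlsplit(m.group("target")).query
    findings = []
    # parse_qsl URL-decodes values, so encoded quotes and spaces are inspected in clear.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for label, pattern in SQL_INDICATORS.items():
            if pattern.search(value):
                findings.append((m.group("ip"), name, label))
                break  # one finding per parameter is enough to raise an alert
    return findings

def scan_log(lines, admin_prefix="/webadmin"):
    """Scan an iterable of log lines and collect all findings in order."""
    return [f for line in lines for f in scan_line(line, admin_prefix)]

# Constructed sample lines (not real traffic); the /portal line is outside the admin prefix.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2020:10:01:02 +0000] "GET /webadmin/login.jsp?user=admin HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Dec/2020:10:01:05 +0000] "GET /webadmin/login.jsp?user=x%27+OR+%271%27%3D%271 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Dec/2020:10:02:00 +0000] "GET /webadmin/report.jsp?id=1+UNION+SELECT+1,2 HTTP/1.1" 500 128',
    '198.51.100.8 - - [10/Dec/2020:10:02:30 +0000] "GET /portal/search?q=1%3B+DROP+TABLE+x HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for ip, param, label in scan_log(SAMPLE_LOG):
        print(f"ALERT source={ip} param={param} indicator={label}")
```

Pair the alert with the request's authentication state (session cookie present or not) to prioritise unauthenticated hits, which is the vector this CVE describes.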