CVE-2020-29574

Critical | CISA KEV | Active Exploitation | EUVD Exploited

Published: 11 December 2020

Modified: 07 November 2025
KEV Added: 06 February 2025
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1007 (93.2th percentile)
Risk Priority: 46 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-29574 is a critical-severity SQL Injection (CWE-89) vulnerability in Sophos Cyberoam OS. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 6.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2020-29574 is an SQL injection vulnerability, tracked under CWE-89, that affects the WebAdmin interface of Cyberoam OS versions through 2020-12-04. The flaw carries a CVSS 3.1 base score of 9.8, reflecting network-accessible, unauthenticated exploitation with no user interaction required and full impact on confidentiality, integrity, and availability.

Unauthenticated remote attackers can supply crafted input to the WebAdmin component to execute arbitrary SQL statements against the underlying database. Successful exploitation grants the ability to read, modify, or delete data and potentially escalate control over the affected Cyberoam OS instance.

Public references indicate that Sophos, which acquired Cyberoam, released fixes addressing the SQL injection issue in Cyberoam OS. The vulnerability is also catalogued in CISA's Known Exploited Vulnerabilities list, confirming observed in-the-wild exploitation.

Vulnerability details

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

CWE(s): CWE-89
KEV Date Added: 06 February 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sophos / cyberoamos, versions ≤ 2020-12-04

Mitigating Controls (NIST 800-53 r5)

Prevent: Enforces validation of all inputs to the WebAdmin interface, directly blocking the crafted SQL payloads that enable unauthenticated remote execution of arbitrary SQL statements.

Prevent: Requires identification and authentication for all WebAdmin access, eliminating the unauthenticated attack vector described in the CVE.

Detect: Enables continuous monitoring of WebAdmin traffic and database queries to identify anomalous SQL statements indicative of exploitation attempts.