Known Exploited Vulnerabilities CVE-2020-29574

CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2020-29574 | CyberoamOS (CROS) SQL Injection Vulnerability | exploitation_technique | T1055 | Process Injection | |
| CVE-2020-29574 | CyberoamOS (CROS) SQL Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | |

Comments (same for both mappings): Due to an improper sanitization flaw in the web-based Cyberoam WebAdmin administrative panel, an attacker with network access can use SQL injection to execute commands remotely.