A researcher, who wishes to remain anonymous, has disclosed a flaw in Cyberoam firewall appliances. The vulnerability allows an attacker to remotely gain root-level permissions by sending malicious commands across the Internet. The attack takes advantage of the web-based user interface that sits on top of the Cyberoam firewall. Once an attacker successfully exploits this flaw, the attacker can access the entire company network.

Cyberoam is typically used in large enterprises, sitting on the edge of a network and acting as a gateway to allow employee access while keeping unauthorized connections out. These devices filter out bad traffic and prevent denial of service and other network-based attacks. They also include Virtual Private Networking (VPN), which allows employees to log in to their company’s network remotely.

Sophos, which purchased Cyberoam in 2014, released an advisory this week stating that they are rolling out fixes. According to the anonymous researcher, an attacker would only need the IP address of a vulnerable device. Finding devices is quite easy: the search engine Shodan currently lists around 96,000 devices accessible to the Internet, while other search engines put that number even higher.

A Sophos spokesperson made the following statement: “Sophos issued an automatic hotfix to all supported versions in September, and we know that 99% of devices have already been automatically patched. There are a small amount of devices that have not as of yet been patched because the customer has turned off auto-update and/or are not internet-facing devices.”